Atlassian has released a security advisory revealing a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells.
The vulnerability is a remote code execution tracked in both Confluence Server and Data Center.
Atlassian has patched the vulnerability, which affected all supported versions of Confluence Server and Data Center. The patched versions are:
- 7.4.17
- 7.13.7
- 7.14.3
- 7.15.2
- 7.16.4
- 7.17.4
- 7.18.1
As Confluence Servers are the target of attackers exploiting the vulnerability, Atlassian recommends installing these versions to protect your instances against attacks. Devices should be updated immediately or taken offline.
At DEMICON, our clients are our highest priority. We make sure to support you through any possible issues or inconveniences. If you need assistance with your Confluence Server or Data Center, don't hesitate to contact us.