[CONFSERVER-79016] Remote code execution via OGNL injection in Confluence Server & Data Center - CVE-2022-26134 - Create and track feature requests for Atlassian products.

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1
Affects Version/s: 7.4.0, 7.4.16, 7.13.0, 7.13.6, 7.14.0, 7.14.2, 7.15.0, 7.15.1, 7.16.0, 7.16.3, 7.17.0, 7.17.3, 7.18.0
Component/s: None
Labels:

CVSS Score:
10
CVSS Severity:
Critical
CVE ID:
CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

For more information, see https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

is duplicated by

CONFSERVER-79000 Unauthenticated remote code execution vulnerability via OGNL template injection - Duplicate

Closed

mentioned in: Confluence Security Advisory 2022-06-02; Page No Confluence page found with the given URL.; Page Failed to load; Page Failed to load; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(8 mentioned in)

Jeremy R made changes - 28/Aug/2023 4:50 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 805229 ]

Marissa Jensen (Inactive) made changes - 17/Nov/2022 4:29 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 707294 ]

Mohit Sharma made changes - 22/Aug/2022 8:20 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 674839 ]

Sunny Wu made changes - 02/Aug/2022 5:56 AM

Remote Link

Original: This issue links to "Page (Extranet)" [ 668072 ]

Sunny Wu made changes - 02/Aug/2022 1:22 AM

Remote Link

New: This issue links to "Page (Extranet)" [ 668072 ]

Adam G. made changes - 13/Jul/2022 8:00 PM

Remote Link

Original: This issue links to "Page (Confluence)" [ 662275 ]

Adam G. made changes - 13/Jul/2022 5:55 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 662275 ]

Rachel Robins made changes - 13/Jul/2022 4:09 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 662078 ]

Cathy S made changes - 05/Jul/2022 1:41 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 659379 ]

Sunny Wu made changes - 05/Jul/2022 6:05 AM

Remote Link

New: This issue links to "Page (Extranet)" [ 659235 ]

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 56 Start watching this issue

Created:: 03/Jun/2022 8:08 PM

Updated:: 28/Aug/2023 4:50 PM

Resolved:: 03/Jun/2022 8:17 PM

Confluence Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[CONFSERVER-79016] Remote code execution via OGNL injection in Confluence Server & Data Center - CVE-2022-26134

People

Dates