In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before…
Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Confluence Data Center | next of 1.3.0, unspecified, 7.13.0, unspecified, 7.14.0, unspecified, 7.15.0, unspecified, 7.16.0, unspecified, 7.17.0, unspecified, 7.18.0, unspecified |
| Atlassian | Confluence Server | next of 1.3.0, unspecified, 7.13.0, unspecified, 7.14.0, unspecified, 7.15.0, unspecified, 7.16.0, unspecified, 7.17.0, unspecified, 7.18.0, unspecified |
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection: