Atlassian has released fixes for the Confluence vulnerability that is under active attack in the wild. The flaw affects the Confluence Server and Data Center products. Tracked as CVE-2022-26134, it is rated critical severity and allows unauthenticated remote code execution through Object-Graph Navigation Language (OGNL) injection.
The vulnerability, which affected all supported versions of Confluence Server and Data Center, is now patched. The patched versions are:
Installing one of these versions protects customers against the attackers who are actively exploiting the vulnerability.
Censys, an internet asset discovery platform, stated that 9,325 services across 8,347 distinct hosts are still running a vulnerable version of the software. A proof-of-concept exploit was released last week, which enabled more attackers to target the vulnerability. GreyNoise CEO Andrew Morris stated that the company had observed 23 unique IP addresses exploiting the vulnerability; after the proof-of-concept exploit was released, that number rose to 211 unique IP addresses.