
RCE in Confluence (OGNL Injection)

IDs: 
CVE-2022-26134
Keywords: 
RCE, confluence
Description: 

A critical RCE (Remote Code Execution) vulnerability for Atlassian Confluence with a CVSS score of 10 has been published [1]. Exploits are available [2].

Airlock Gateway blocks known exploits with the default Deny Rule TI_002 in level Standard (Deny Rule Group Template and Expression Language Injection).

Resolution: 

We recommend updating all affected Confluence instances as soon as possible.

We further recommend making sure that the Deny Rule Group Template and Expression Language Injection is active on all mappings protecting Atlassian Confluence instances.

In general, we recommend checking regularly and promptly that a suitable security level (usually Standard or Strict) is activated for all Deny Rule groups on all mappings, so that your back-end applications are protected preventively.
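To illustrate what a template and expression language injection check of this kind looks for, the following added example (not Airlock code and not the Deny Rule TI_002 itself) scans constructed web-server access-log lines for URL-decoded expression-language openers such as `${`, `#{` or `%{` in the request target, decoding repeatedly so that double-encoded markers are not missed. The log lines, IP addresses and paths are constructed for the example; the function names are the example's own.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2022:10:00:01 +0000] "GET /login.action HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [03/Jun/2022:10:00:02 +0000] "GET /%24%7Buser%7D/ HTTP/1.1" 302 0 "-" "curl/7.81"
10.0.0.12 - - [03/Jun/2022:10:00:03 +0000] "GET /%2524%257Bx%257D/ HTTP/1.1" 302 0 "-" "curl/7.81"
10.0.0.15 - - [03/Jun/2022:10:00:04 +0000] "GET /search?q=price%24100 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.20 - - [03/Jun/2022:10:00:05 +0000] "GET /pages/%23%7Bcfg%7D HTTP/1.1" 302 0 "-" "python-requests/2.27"
"""

# Combined-log-format prefix: client, ident, user, [timestamp], "METHOD target PROTO"
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)(?: [^"]*)?"')

# Expression-language openers an EL-injection deny rule looks for after the
# request target has been URL-decoded: ${...}, #{...} and %{...}
EL_MARKER = re.compile(r"[$#%]\{")


def decode_fully(target: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded markers such as
    %2524%257B are reduced to ${ before matching."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_el_marker(target: str) -> bool:
    """True if the decoded request target contains an EL opener."""
    return EL_MARKER.search(decode_fully(target)) is not None


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded_target) for every log line whose request
    target carries an expression-language marker."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, _method, target = m.groups()
        if has_el_marker(target):
            hits.append((client, decode_fully(target)))
    return hits


if __name__ == "__main__":
    for client, target in scan_log(SAMPLE_LOG):
        print(f"{client}\t{target}")
```

The benign line with `price%24100` decodes to `price$100` and is not reported, because the check requires the brace that opens an expression, not merely a dollar sign; the double-encoded line is caught only because decoding is repeated. A production rule would additionally inspect headers and bodies, which is why keeping the whole Deny Rule group active on the Confluence mappings is preferable to a single path check.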

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Airlock protects, requires changes in configuration