CVE-2022-26134

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-917
Summary

Confluence Server and Data Center have a critical flaw that allows anyone on the internet to execute malicious code on the affected server without needing a password. This happens because the application incorrectly processes user input through OGNL (Object-Graph Navigation Language), a templating system.

Technical detail

A remote, unauthenticated attacker can exploit an OGNL injection vulnerability (CWE-917) in Confluence Server and Data Center to achieve arbitrary code execution. The vulnerability results from insufficient validation in the handling of OGNL expressions, which allows injected malicious expressions to be evaluated on the server. It affects versions 1.3.0–7.4.16, 7.13.0–7.13.6, 7.14.0–7.14.2, 7.15.0–7.15.1, 7.16.0–7.16.3, 7.17.0–7.17.3 and 7.18.0.

Summary generated and translated by AI from the official description.
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Public PoCs found: 77
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
