← voltar
CVE-2022-26134

CVE-2022-26134

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-917
Em resumo

O Confluence Server e Data Center têm uma falha crítica que permite que qualquer pessoa na internet execute código malicioso no servidor afetado sem precisar de senha. Isso ocorre porque a aplicação processa incorretamente entrada do usuário através de OGNL (Object-Graph Navigation Language), um sistema de templating.

Detalhe técnico

Um atacante remoto não autenticado pode explorar uma vulnerabilidade de injeção OGNL (CWE-917) no Confluence Server e Data Center para alcançar execução arbitrária de código. A vulnerabilidade resulta de validação insuficiente de entrada no processamento de expressões OGNL, permitindo injeção de expressões maliciosas que são avaliadas no servidor. Afeta versões 1.3.0–7.4.16, 7.13.0–7.13.6, 7.14.0–7.14.2, 7.15.0–7.15.1, 7.16.0–7.16.3, 7.17.0–7.17.3 e 7.18.0.

Resumo gerado e traduzido por IA a partir da descrição oficial.
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Atlassian · Confluence Data CenterAtlassian · Confluence Server
PoCs públicas encontradas77
githubgithub.com/W01fh4cker/Serein1250githubgithub.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL341githubgithub.com/jbaines-r7/through_the_wire174githubgithub.com/hev0x/CVE-2022-2613444githubgithub.com/crowsec-edtech/CVE-2022-2613430githubgithub.com/nxtexploit/CVE-2022-2613429githubgithub.com/SNCKER/CVE-2022-2613427githubgithub.com/SIFalcon/confluencePot20githubgithub.com/AmoloHT/CVE-2022-2613414githubgithub.com/whokilleddb/CVE-2022-26134-Confluence-RCE13githubgithub.com/iveresk/cve-2022-2613412githubgithub.com/redhuntlabs/ConfluentPwn12githubgithub.com/MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell9githubgithub.com/offlinehoster/CVE-2022-261348githubgithub.com/abhishekmorla/CVE-2022-261348githubgithub.com/keven1z/CVE-2022-261347githubgithub.com/BBD-YZZ/Confluence-RCE5githubgithub.com/archanchoudhury/Confluence-CVE-2022-261344githubgithub.com/kh4sh3i/CVE-2022-261344githubgithub.com/alcaparra/CVE-2022-261344githubgithub.com/Chocapikk/CVE-2022-261344githubgithub.com/Y000o/Confluence-CVE-2022-261344githubgithub.com/li8u99/CVE-2022-261344githubgithub.com/Debajyoti0-0/CVE-2022-261343githubgithub.com/cai-niao98/CVE-2022-261343githubgithub.com/Vulnmachines/Confluence-CVE-2022-261343githubgithub.com/skhalsa-sigsci/CVE-2022-26134-LAB3githubgithub.com/kyxiaxiang/CVE-2022-261343githubgithub.com/cbk914/CVE-2022-26134_check3githubgithub.com/KeepWannabe/BotCon3githubgithub.com/twoning/CVE-2022-26134-PoC2githubgithub.com/b4dboy17/CVE-2022-261342githubgithub.com/f4yd4-s3c/cve-2022-261342githubgithub.com/Brucetg/CVE-2022-261342githubgithub.com/ColdFusionX/CVE-2022-261342githubgithub.com/p4b3l1t0/confusploit2githubgithub.com/kailing0220/CVE-2022-261341githubgithub.com/1337in/CVE-2022-26134web1githubgithub.com/acfirthh/CVE-2022-261341githubgithub.com/r1skkam/TryHackMe-Atlassian-CVE-2022-261341githubgithub.com/reubensammut/cve-2022-261341githubgithub.com/0xAgun/CVE-2022-261341githubgithub.com/coskper-papa/CVE-2022-261341githubgithub.com/ma1am/CVE-2022-26134-Exploit-Detection1githubgithub.com/CJ-0107/cve-2022-261341githubgithub.com/axingde/CVE-2022-261341githubgithub.com/shamo0/CVE-2022-261341githubgithub.com/kelemaoya/CVE-2022-261341githubgithub.com/404fu/CVE-2022-26134-POC1githubgithub.com/Habib0x0/CVE-2022-261341githubgithub.com/wjlin0/CVE-2022-261340githubgithub.com/vesperp/CVE-2022-26134-Confluence0githubgithub.com/secjia/CVE-2022-261340githubgithub.com/sunny-kathuria/exploit_CVE-2022-261340githubgithub.com/Luchoane/CVE-2022-26134_conFLU0githubgithub.com/shiftsansan/CVE-2022-26134-Console0githubgithub.com/yigexioabai/CVE-2022-26134-cve10githubgithub.com/xanszZZ/ATLASSIAN-Confluence_rce0githubgithub.com/latings/CVE-2022-261340githubgithub.com/yyqxi/CVE-2022-261340githubgithub.com/tpdlshdmlrkfmcla/cve-2022-261340githubgithub.com/thetowsif/CVE-2022-261340githubgithub.com/MAHABUB122003/Atlassian-CVE-2022-261340githubgithub.com/crypt0lith/confluence-ognl-rce0githubgithub.com/roodhelios/CVE-2022-26134-OGNL-Injection0githubgithub.com/Muhammad-Ali007/Atlassian_CVE-2022-261340githubgithub.com/yTxZx/CVE-2022-261340githubgithub.com/DARKSTUFF-LAB/-CVE-2022-261340githubgithub.com/xsxtw/CVE-2022-261340githubgithub.com/cc3305/CVE-2022-261340githubgithub.com/Gilospy/CVE-2022-261340githubgithub.com/Khalidhaimur/CVE-2022-261340cve_referencepacketstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlnão verificadocve_referencepacketstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.htmlnão verificadocve_referencepacketstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/50952não verificadocve_referencepacketstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.htmlhttp://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.htmlhttp://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlhttps://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.htmlhttps://jira.atlassian.com/browse/CONFSERVER-79016https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26134