Atlassian Confluence Command Injection (CVE-2022-26134) (Direct Check)

critical Nessus Plugin ID 162175

Synopsis

A web application running on the remote host is affected by a command injection vulnerability

Description

The Atlassian Confluence running on the remote host is affected by a command injection vulnerability. A remote, unauthenticated attacker can use this to execute arbitrary code.

Note this plugin currently only works against 7.14.x and below. This plugin is intended for testing LTS versions of Confluence.

Solution

Upgrade to Atlassian Confluence version 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1 or later.

See Also

http://www.nessus.org/u?c1df4fa0

http://www.nessus.org/u?5cd914cb

Plugin Details

Severity: Critical

ID: 162175

File Name: confluence_cve_2022_26134.nbin

Version: 1.55

Type: remote

Family: CGI abuses

Published: 6/14/2022

Updated: 11/22/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-26134

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:atlassian:confluence

Required KB Items: installed_sw/confluence

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/2/2022

Vulnerability Publication Date: 6/2/2022

CISA Known Exploited Vulnerability Due Dates: 6/6/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Atlassian Confluence Namespace OGNL Injection)

Reference Information

CVE: CVE-2022-26134

IAVA: 2022-A-0227