Atlassian Confluence Namespace OGNL Injection

critical Web App Scanning Plugin ID 113248

Synopsis

Atlassian Confluence Namespace OGNL Injection

Description

Atlassian Confluence Server and Data Center versions 1.3.x < 7.4.17, 7.13.x < 7.13.7, 7.14.x < 7.14.3, 7.15.x < 7.15.2, 7.16.x < 7.16.4, 7.17.x < 7.17.4 and 7.18.x < 7.18.1 suffer from an OGNL injection vulnerability by crafting a specific URL, allowing an unauthenticated attacker to perform a remote code execution on the target application.

Solution

Update your Confluence installation to version 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 or 7.18.1. If the upgrade is not possible, apply the temporary mitigation provided in the vendor advisory.

See Also

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://jira.atlassian.com/browse/CONFSERVER-79016

Plugin Details

Severity: Critical

ID: 113248

Type: remote

Published: 6/4/2022

Updated: 6/15/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-26134

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2022-26134

Vulnerability Information

CPE: cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*

Exploit Available: true

CISA Known Exploited Vulnerability Due Dates: 6/6/2022

Reference Information

CVE: CVE-2022-26134