Vulnerability — CVE-2022-26134

CVE-2022-26134

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-26134
Description:: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Last updated date:: 08/08/2023

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/31/2022
Reference url to background: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 06/02/2022
Reference url to background: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 06/02/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/03/2022
Reference url to background: https://github.com/offlinehoster/CVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/03/2022
Reference url to background: https://github.com/crowsec-edtech/CVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/05/2022
Reference url to background: https://github.com/Vulnmachines/Confluence-CVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/05/2022
Reference url to background: https://github.com/abhishekmorla/CVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/06/2022
Reference url to background: https://github.com/archanchoudhury/Confluence-CVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/07/2022
Reference url to background: https://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/07/2022
Reference url to background: https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/07/2022
Reference url to background: https://github.com/whokilleddb/CVE-2022-26134-Confluence-RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/07/2022
Reference url to background: https://github.com/Y000o/Confluence-CVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/07/2022
Reference url to background: https://github.com/PyterSmithDarkGhost/0DAYEXPLOITAtlassianConfluenceCVE-2022-26134

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/13/2022
Reference url to background: https://github.com/trhacknon/CVE-2022-26134-miam

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/14/2022
Reference url to background: http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/14/2022
Reference url to background: http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/15/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/09/2022
Reference url to background: https://github.com/skhalsa-sigsci/CVE-2022-26134-LAB

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/04/2023
Reference url to background: https://github.com/MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell