1. Background introduction
Recently, the Department of Information Security detected a remote code execution vulnerability in Atlassian Confluence Server and Data Center (CVE-2022-26134).
Confluence is professional enterprise knowledge-management and collaboration software that can also be used to build enterprise wikis. It is easy to use and lets enterprise teams share information, collaborate on documents, brainstorm, and push information.
1.1 Vulnerability description
There is an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. An attacker can use it to inject malicious OGNL expressions into a target Confluence Server or Data Center instance, resulting in remote code execution and deployment of a WebShell.
The vulnerability has already been found to be exploited in the wild and an exploit script has been publicly released, so affected organizations should upgrade as soon as possible.
1.2 Vulnerability number
CVE-2022-26134
1.3 Vulnerability Level
Vulnerability Threat Level: Critical
2. Repair suggestions
2.1 Affected versions
2.2 Repair suggestions
1. Official fixes:
Official versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 have been released and contain fixes for this vulnerability. Please upgrade to a fixed version as soon as possible.
Download link:
Confluence Server Download Archives | Atlassian
Confluence Security Advisory 2022-06-02 | Confluence Data Center and Server 7.18 | Atlassian Documentation
2. Temporary mitigation:
Download the official xwork-1.0.3-atlassian-10.jar, use it to replace the original xwork jar file in the confluence/WEB-INF/lib/ directory, and restart Confluence.
Download address:
https://packages.atlassian.com/maven-internal/opensymphony/xwork/1.0.3-atlassian-10/xwork-1.0.3-atlassian-10.jar
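As an added example (not from the original advisory), the following Python check applies the fixed-version list and the mitigation jar name from section 2.2 to an installed instance: it reports whether the running version is at or above the fix for its release branch and, if not, whether the xwork jar in confluence/WEB-INF/lib/ has been replaced. The per-branch comparison and the handling of branches without a listed fix are my own assumptions; the advisory states no such rule.

```python
import re

# Fixed Confluence releases named in section 2.2, one per release branch.
FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]
# Replacement jar from the temporary mitigation in section 2.2.
MITIGATION_JAR = "xwork-1.0.3-atlassian-10.jar"


def parse_version(text):
    """Turn '7.13.6' into (7, 13, 6); a trailing suffix such as '-x' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def fixed_version_for_branch(version):
    """Fixed release on the same major.minor branch, or None if the advisory lists none."""
    branch = parse_version(version)[:2]
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == branch:
            return fixed
    return None


def assess(version, lib_jars):
    """Classify an instance from its version string and the jar names in WEB-INF/lib/.

    Returns 'patched', 'mitigated', 'vulnerable' or 'unknown-branch'.
    """
    fixed = fixed_version_for_branch(version)
    if fixed is not None and parse_version(version) >= parse_version(fixed):
        return "patched"
    # The mitigation *replaces* the xwork jar: exactly one xwork jar must remain and it
    # must be the patched build. An old copy left beside it on the classpath is not safe.
    xwork_jars = sorted(j for j in lib_jars if re.fullmatch(r"xwork-.*\.jar", j))
    if xwork_jars == [MITIGATION_JAR]:
        return "mitigated"
    if fixed is None:
        # Assumption: the advisory names no fix for this branch, so the only
        # supported path is upgrading to one of the fixed branches above.
        return "unknown-branch"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample: an unpatched 7.13.6 instance whose xwork jar was swapped.
    print(assess("7.13.6", ["struts2-core-2.5.jar", "xwork-1.0.3-atlassian-10.jar"]))
```

Feed it the version shown in the Confluence administration console and the file names from a directory listing of confluence/WEB-INF/lib/.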
2.3 Reference link:
3. Vulnerability detection POC
Vulnerability reproduction
Exploiting this vulnerability is very simple: sending the following request directly executes an arbitrary command, and the execution result is returned in an HTTP response header: