Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ATLASSIAN_CONFLUENCE_CONFSERVER-79016.NASL
HistoryJan 04, 2023 - 12:00 a.m.

Atlassian Confluence Command Injection (CONFSERVER-79016)

2023-01-0400:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

According to its self-reported version number, the Atlassian Confluence running on the remote host is affected by a command injection vulnerability. A remote, unauthenticated attacker can use this to execute arbitrary code.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(169509);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/07");

  script_cve_id("CVE-2022-26134");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/06");
  script_xref(name:"CEA-ID", value:"CEA-2022-0023");

  script_name(english:"Atlassian Confluence Command Injection (CONFSERVER-79016)");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is affected by a command injection
vulnerability");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Atlassian Confluence running
on the remote host is affected by a command injection vulnerability. A remote,
unauthenticated attacker can use this to execute arbitrary code.

Note that Nessus has not tested for this issue but has instead relied only on
the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/CONFSERVER-79016");
  # https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c1df4fa0");
  # https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5cd914cb");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Confluence version 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26134");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Atlassian Confluence Namespace OGNL Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/04");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:confluence");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("confluence_win_installed.nbin", "confluence_nix_installed.nbin", "confluence_detect.nasl");
  script_require_keys("installed_sw/Atlassian Confluence");

  exit(0);
}

include('vcf.inc');

var app_name = 'Atlassian Confluence';

var app_info = vcf::combined_get_app_info(app:app_name);
vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints = [
  {"min_version": "1.3.0",  "fixed_version": "7.4.17",  "fixed_display": "7.4.17 / 7.18.1"},
  {"min_version": "7.5.0",  "fixed_version": "7.13.7",  "fixed_display": "7.13.7 / 7.18.1"},
  {"min_version": "7.14.0", "fixed_version": "7.14.3",  "fixed_display": "7.14.3 / 7.18.1"},
  {"min_version": "7.15.0", "fixed_version": "7.15.2",  "fixed_display": "7.15.2 / 7.18.1"},
  {"min_version": "7.16.0", "fixed_version": "7.16.4",  "fixed_display": "7.16.4 / 7.18.1"},
  {"min_version": "7.17.0", "fixed_version": "7.17.4",  "fixed_display": "7.17.4 / 7.18.1"},
  {"min_version": "7.18.0", "fixed_version": "7.18.1",  "fixed_display": "7.18.1"}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
atlassianconfluencecpe:/a:atlassian:confluence

Related

nessus 2
malwarebytes 4
zdt 3
githubexploit 57
wallarmlab 1
akamaiblog 3
atlassian 2
qualysblog 4
cisa_kev 1
threatpost 2
cve 1
checkpoint_advisories 1
hivepro 1
thn 14
metasploit 1
trendmicroblog 1
nuclei 1
cisa 3
packetstorm 2
prion 1
impervablog 4
ubuntucve 1
exploitdb 1
kitploit 1
mssecure 1
mmpc 1
avleonov 2
rapid7blog 7
trellix 2
attackerkb 1
github 1
googleprojectzero 1
ics 2
nessus
nessus
Atlassian Confluence Command Injection (CVE-2022-26134)
2022-06-03 00:00:00
Atlassian Confluence Command Injection (CVE-2022-26134) (Direct Check)
2022-06-14 00:00:00
malwarebytes
malwarebytes
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
2022-06-14 12:43:08
[updated]Unpatched Atlassian Confluence vulnerability is actively exploited
2022-06-03 14:41:58
2022's most routinely exploited vulnerabilities—history repeats
2023-08-07 18:30:00
zdt
zdt
Confluence Data Center 7.18.0 - Remote Code Execution Exploit
2022-06-10 00:00:00
Confluence OGNL Injection Remote Code Execution Exploit
2022-06-07 00:00:00
Atlassian Confluence Namespace OGNL Injection Exploit
2022-06-09 00:00:00
githubexploit
githubexploit
Exploit for Injection in Atlassian Confluence Data Center
2022-06-08 07:54:56
Exploit for Injection in Atlassian Confluence Data Center
2022-07-14 01:28:16
Exploit for Injection in Atlassian Confluence Data Center
2022-06-13 01:25:39
wallarmlab
wallarmlab
Update on the Confluence 0-day vulnerability (CVE-2022-26134)
2022-06-03 20:50:59
akamaiblog
akamaiblog
Akamai?s Observations of Confluence Zero Day (CVE-2022-26134)
2022-06-28 13:00:00
Akamai Protects Against the Atlassian Confluence 0-Day (CVE-2022-26134)
2022-06-03 09:00:52
Akamai?s Observations of Confluence Zero Day (CVE-2022-26134)
2022-06-28 13:00:00
atlassian
atlassian
Unauthenticated remote code execution vulnerability via OGNL template injection - Duplicate
2022-06-02 03:36:35
Remote code execution via OGNL injection in Confluence Server & Data Center - CVE-2022-26134
2022-06-03 20:08:07
qualysblog
qualysblog
Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)
2022-06-29 20:23:28
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)
2022-08-17 10:12:53
Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities
2023-08-24 19:07:05
cisa_kev
cisa_kev
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
2022-06-02 00:00:00
threatpost
threatpost
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
2022-06-07 11:21:47
DragonForce Gang Unleash Hacks Against Govt. of India
2022-06-15 13:59:37
cve
cve
CVE-2022-26134
2022-06-03 22:15:00
checkpoint_advisories
checkpoint_advisories
Atlassian Confluence Remote Code Execution (CVE-2022-26134)
2022-06-06 00:00:00
hivepro
hivepro
Vulnerable Atlassian Confluence Servers utilized to drop Crypto Miners
2022-09-29 06:56:17
thn
thn
This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies
2022-07-20 11:44:00
Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild
2022-06-04 08:57:00
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
2022-09-16 10:58:00
metasploit
metasploit
Atlassian Confluence Namespace OGNL Injection
2022-06-03 19:27:13
trendmicroblog
trendmicroblog
Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
2022-09-21 00:00:00
nuclei
nuclei
Confluence - Remote Code Execution
2022-06-03 20:11:56
cisa
cisa
CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog  
2022-06-02 00:00:00
Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134
2022-06-03 00:00:00
Atlassian Releases Security Advisory for Confluence Server and Data Center, CVE-2022-26134
2022-06-02 00:00:00
packetstorm
packetstorm
Confluence OGNL Injection Remote Code Execution
2022-06-07 00:00:00
Atlassian Confluence Namespace OGNL Injection
2022-06-08 00:00:00
prion
prion
Code injection
2022-06-03 22:15:00
impervablog
impervablog
Imperva Earns Three Cyber Defense Global InfoSec Awards for 2022
2022-07-26 13:16:19
Imperva Customers are protected from Atlassian Confluence CVE-2022-26134
2022-06-04 22:05:24
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
2024-02-21 09:28:01
ubuntucve
ubuntucve
CVE-2022-26134
2022-06-03 00:00:00
exploitdb
exploitdb
Confluence Data Center 7.18.0 - Remote Code Execution (RCE)
2022-06-10 00:00:00
kitploit
kitploit
confluencePot - Simple Honeypot For Atlassian Confluence (CVE-2022-26134)
2022-06-13 12:30:00
mssecure
mssecure
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
2023-09-14 16:30:00
mmpc
mmpc
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
2023-09-14 16:30:00
avleonov
avleonov
Vulnerability Management news and publications #1
2022-07-06 12:13:56
Joint Advisory AA22-279A and Vulristics
2022-10-21 20:10:13
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-06-10 18:07:05
Active Exploitation of Confluence CVE-2022-26134
2022-06-02 23:27:15
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
2022-07-27 19:26:38
trellix
trellix
The Bug Report – June 2022 Edition
2022-07-06 00:00:00
The Bug Report – June 2022 Edition
2022-07-06 00:00:00
attackerkb
attackerkb
CVE-2022-26134
2022-07-13 00:00:00
github
github
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
googleprojectzero
googleprojectzero
2022 0-day In-the-Wild Exploitation…so far
2022-06-30 00:00:00
ics
ics
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
2022-10-06 12:00:00
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
JSON
Related for ATLASSIAN_CONFLUENCE_CONFSERVER-79016.NASL
nessus2malwarebytes4zdt3githubexploit57wallarmlab1akamaiblog3atlassian2qualysblog4cisa_kev1threatpost2cve1checkpoint_advisories1hivepro1thn14metasploit1trendmicroblog1nuclei1cisa3packetstorm2prion1impervablog4ubuntucve1exploitdb1kitploit1mssecure1mmpc1avleonov2rapid7blog7trellix2attackerkb1github1googleprojectzero1ics2