Confluence Security Advisory 2022-06-02

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Confluence Server and Data Center – CVE-2022-26134 – Critical severity unauthenticated remote code execution vulnerability

Atlassian has published a notification of a critical unauthenticated remote code execution vulnerability affecting all on-premises instances of Confluence (Server and Data Center).

What You Need to Do

There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:

  • Restricting access to Confluence Server and Data Center instances from the internet.
  • Disabling Confluence Server and Data Center instances.

If you are unable to take the above actions, implementing a WAF (Web Application Firewall) rule which blocks URLs containing ${ may reduce your risk.