Confluence Pre-Auth RCE

On June 02, 2022, Atlassian released a security advisory for their Confluence Server and Data Center applications, describing a critical-severity unauthenticated remote code execution vulnerability.

The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance and is currently being exploited by a specific threat actor. To bring value to our customers and help them test and verify that their systems are secure against it, our research team rushed to release a purple team module for that specific purpose.

You can find it under the following name: Confluence Pre-Auth Remote Code Execution via OGNL Injection(CVE-2022-26134)

The execution expects two input arguments:

Hostname : the vulnerable host to check

Command : the command we would like to run if the host is found to be vulnerable (defaults to whoami, which prints the username of the currently running user).

