Attackers Massively Target Atlassian Confluence Vulnerability

More than 850 unique IP addresses have attempted to exploit a critical zero-day Atlassian’s Confluence vulnerability, barely a week after a security fix was released.

Confluence is a team workspace application that is used by approximately 75,000 customers. Most of Confluence’s work takes place in the cloud, which was not affected by the vulnerability.

The critical Object Graph Navigation Language (OGNL) vulnerability tracked as CVE-2022-26134 was disclosed in the on-premise versions of Confluence Server and Data Center. The flaw could let an attacker remotely execute code in Confluence Data Center and Server.

According to the GreyNoise researchers, the attacks appear to be quite targeted, as attackers appear to check IP addresses to make sure the IP is running Confluence before starting the attack. Some observed exploit activity includes generic reverse shells, payloads with obfuscation.

Researchers explain that the mass exploitation of the vulnerability may be due to several factors, including the ease of exploitation and valuable information stored in the Confluence database, including passwords, proprietary customer information and other confidential data.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web