Atlassian Confluence’da Çıkan Zero-Day (CVE-2022-26134) İçin Yama Yayınlandı!

CVE-2022-26134 kodu verilen kritik önemi olan Atlassian’ın Confluence ürünündeki Zero-day için, yamalanmış sürüm yayınlandı.

Confluence tarafından acil olarak update yapılması, eğer yapılamıyorsa WAF cihazlarınızda ${ ve $%7B parametrelerinin engellenmesini önerdi.

İlgili link: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Update: This advisory has been updated since its original publication.

Specific updates include:

03 Jun 2022 10 AM PDT (Pacific Time, -7 hours) 

03 Jun 2022 8 AM PDT (Pacific Time, -7 hours) 

03 Jun 2022 

SummaryCVE-2022-26134 – Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center
Advisory Release Date02 Jun 2022 1 PM PDT (Pacific Time, -7 hours) 
Affected ProductsConfluenceConfluence ServerConfluence Data Center
Affected VersionsAll supported versions of Confluence Server and Data Center are affected.Confluence Server and Data Center versions after 1.3.0 are affected.
Fixed Versions7.4.17
7.13.7
7.14.3
7.15.2
7.16.4
7.17.4
7.18.1
Exit mobile version