gsd-2022-26134
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. Each range excludes its upper bound, so 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 are the first releases on their lines that are not affected.
Aliases
{ "GSD": { "alias": "CVE-2022-26134", "description": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.", "id": "GSD-2022-26134", "references": [ "https://packetstormsecurity.com/files/cve/CVE-2022-26134" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-26134" ], "details": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. 
The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.", "id": "GSD-2022-26134", "modified": "2023-12-13T01:19:39.569570Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-05-31T20:00:00", "ID": "CVE-2022-26134", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Confluence Data Center", "version": { "version_data": [ { "version_affected": "\u003e", "version_value": "1.3.0" }, { "version_affected": "\u003c", "version_value": "7.4.17" }, { "version_affected": "\u003e=", "version_value": "7.13.0" }, { "version_affected": "\u003c", "version_value": "7.13.7" }, { "version_affected": "\u003e=", "version_value": "7.14.0" }, { "version_affected": "\u003c", "version_value": "7.14.3" }, { "version_affected": "\u003e=", "version_value": "7.15.0" }, { "version_affected": "\u003c", "version_value": "7.15.2" }, { "version_affected": "\u003e=", "version_value": "7.16.0" }, { "version_affected": "\u003c", "version_value": "7.16.4" }, { "version_affected": "\u003e=", "version_value": "7.17.0" }, { "version_affected": "\u003c", "version_value": "7.17.4" }, { "version_affected": "\u003e=", "version_value": "7.18.0" }, { "version_affected": "\u003c", "version_value": "7.18.1" } ] } }, { "product_name": "Confluence Server", "version": { "version_data": [ { "version_affected": "\u003e", "version_value": "1.3.0" }, { "version_affected": "\u003c", "version_value": "7.4.17" }, { "version_affected": "\u003e=", "version_value": "7.13.0" }, { "version_affected": "\u003c", "version_value": "7.13.7" }, { "version_affected": "\u003e=", "version_value": "7.14.0" }, { "version_affected": "\u003c", "version_value": "7.14.3" }, { "version_affected": "\u003e=", "version_value": "7.15.0" 
}, { "version_affected": "\u003c", "version_value": "7.15.2" }, { "version_affected": "\u003e=", "version_value": "7.16.0" }, { "version_affected": "\u003c", "version_value": "7.16.4" }, { "version_affected": "\u003e=", "version_value": "7.17.0" }, { "version_affected": "\u003c", "version_value": "7.17.4" }, { "version_affected": "\u003e=", "version_value": "7.18.0" }, { "version_affected": "\u003c", "version_value": "7.18.1" } ] } } ] }, "vendor_name": "Atlassian" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://jira.atlassian.com/browse/CONFSERVER-79016", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CONFSERVER-79016" }, { "name": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html" }, { "name": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html" }, { "name": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html" }, { "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html" }, { "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html", "refsource": "MISC", "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.17.4", "versionStartIncluding": "7.17.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.16.4", "versionStartIncluding": "7.16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.15.2", "versionStartIncluding": "7.15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.14.3", "versionStartIncluding": "7.14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.13.7", "versionStartIncluding": "7.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.4.17", "versionStartIncluding": "1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.17.4", "versionStartIncluding": "7.17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.16.4", "versionStartIncluding": "7.16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.15.2", "versionStartIncluding": "7.15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.14.3", "versionStartIncluding": "7.14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.13.7", "versionStartIncluding": "7.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndExcluding": "7.4.17", "versionStartIncluding": "1.3", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@atlassian.com", "ID": "CVE-2022-26134" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-74" } ] } ] }, "references": { "reference_data": [ { "name": "https://jira.atlassian.com/browse/CONFSERVER-79016", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://jira.atlassian.com/browse/CONFSERVER-79016" }, { "name": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html", "refsource": "MISC", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html" }, { "name": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html", "refsource": "MISC", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html" }, { "name": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html" }, 
{ "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html" }, { "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html", "refsource": "MISC", "tags": [], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2022-06-30T06:15Z", "publishedDate": "2022-06-03T22:15Z" } } }