
CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability

Viewing page 2 of 2

37 answers

0 votes
Pedro Felgueiras
Rising Star
June 3, 2022

On the notification page they said they expect EOD June 3 PDT.

It’s not EBD and the time zone is PDT, so we could have to wait 15 hours.

0 votes
Jimmy Seddon
Community Leader
June 3, 2022

@tina-louise_allaire_canada_ca that sounds like your company admins posted that alert banner message. You will want to reach out to them (possibly your IT team); that would not have been something that Atlassian posted.

0 votes
tina-louise_allaire_canada_ca June 3, 2022

Hello,

What time is end of business day for you? I have the following message on our Confluence: Maintenance Notification: Please note due to the Confluence Server and Data Center vulnerability - CVE-2022-26134 - the server will be shut down after the end of business today. The server will be available again once patching is complete.

Thank you

Tina

0 votes
Frank Hess June 3, 2022

Current version is 7.18.0, thus the fixed version should be 7.18.1, which currently isn't listed but can already be downloaded: https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-7.18.1.tar.gz ;-)

0 votes
IT Admins June 3, 2022

I expect there will be a bugfix-release to address this, like a 7.18.1 would become 7.18.2 etc.

0 votes
cooreilly June 3, 2022

Enabling alerts is great ... but when you do that it says it might not take effect for 5 days.

0 votes
Pandiyan Muthuraman June 3, 2022

Do we get the fix in the existing LTS version, or should we expect a new minor release with fixes?

0 votes
Pedro Felgueiras
Rising Star
June 3, 2022

Does anyone have a guide on how to restrict URLs with "${" on Tomcat, or does it need to be restricted outside Tomcat?

0 votes
Joachim Schenk June 3, 2022

Hi Folks,

Did you notice that the old Partner portal is still available?

https://partners.atlassian.com

I think this site should be taken offline and redirected to the new cloud site.

Regards,

0 votes
David Grizzell
Community Leader
June 2, 2022

Beyond what @Robert Tang mentions, in general, I suggest making sure you are updated to the latest available release of Confluence as well as patching your O/S. This will put you in a good position so that when the patch is released for this exploit the upgrade will be relatively painless.

0 votes
Robert Tang June 2, 2022

Awesome! Seems this is only limited to Confluence at the moment and it stays this way. 

0 votes
Robert Tang June 2, 2022

Can I confirm whether JIRA is affected by this or not?
