We have some very old Confluence 2.10 servers running. Is it reasonable to assume that these are NOT impacted by the CVE-2022-26134 vulnerability based on the following statement in the CVE-2022-26134 document?
"Confluence Server and Data Center versions after 1.3.0 are affected."
Unfortunately, no. Even these very old versions are susceptible to this vulnerability. The Advisory itself does provide some mitigation steps for more recent versions. You might be able to reduce the risk by restricting network access to this Confluence application. But give the nature of a RCE (Remote code execution) type vulnerability, out of an abundance of caution, Atlassian still recommends upgrading these old versions to supported versions that contain this fix.
Feeling overwhelmed by the demands of work and life? With a 25% increase in the prevalence of anxiety and depression worldwide during the pandemic, for most of us, it’s a resounding yes . 🙋♀️ ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events