If the Confluence instance cannot be accessed from the general internet, the risk of an exploit/attack originating from there is negated.
However, out of an abundance of caution, the guidance on the Confluence Security Advisory page for CVE-2022-26134 still applies.
Due to the critical nature of this vulnerability and the variety of ways in which instances can be accessed, please work with local network/security team(s) to determine if mitigation is needed. We still recommend upgrading to a fix version as the long-term fix for this vulnerability.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.