Confluence 7.12.4 CVE-2022-22965 vulnerability

Mengmeng Yu April 19, 2022

Hi,

It seems Confluence version 7.12.4 has the CVE-2022-22965 vulnerability, as shown below:

 

Path : /confluence/WEB-INF/lib/atlassian-plugins-spring-5.3.11.jar
Installed version : 5.3.11 Fixed version : 5.3.18
Path : /confluence/WEB-INF/lib/atlassian-spring-2.0.8.jar
Installed version : 2.0.8 Fixed version : 5.2.20
Path : /confluence/WEB-INF/lib/sal-spring-4.1.0.jar
Installed version : 4.1.0 Fixed version : 5.2.20
Path : /confluence/WEB-INF/lib/spring-core-5.1.18.RELEASE.jar
Installed version : 5.1.18.RELEASE Fixed version : 5.2.20
Path : /confluence/synchrony-proxy/WEB-INF/lib/spring-core-5.1.18.RELEASE.jar
Installed version : 5.1.18.RELEASE Fixed version : 5.2.20

 

How can we remediate it?

Can we upgrade Confluence to solve this?

 

Answer accepted
Fabio Racobaldo _Herzum_
Community Leader
April 19, 2022

Hi @Mengmeng Yu,

Currently, the Atlassian team is investigating this security issue (https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172). You will find the official patch/workaround at the end of that investigation through the Atlassian Security Advisories: https://www.atlassian.com/trust/security/advisories

Hope this helps,

Fabio

Kishan Sharma
Community Leader
April 19, 2022

Hi @Mengmeng Yu 

Please also keep an eye on Atlassian's FAQ for CVE-2022-22965 for new information.

Mengmeng Yu April 20, 2022

Thanks to you both for the help. This is quite helpful.
