Hi,
It seems Confluence version 7.12.4 has the CVE-2022-22965 vulnerability, which shows as below:
Path : /confluence/WEB-INF/lib/atlassian-plugins-spring-5.3.11.jar
Installed version : 5.3.11 Fixed version : 5.3.18
Path : /confluence/WEB-INF/lib/atlassian-spring-2.0.8.jar
Installed version : 2.0.8 Fixed version : 5.2.20
Path : /confluence/WEB-INF/lib/sal-spring-4.1.0.jar
Installed version : 4.1.0 Fixed version : 5.2.20
Path : /confluence/WEB-INF/lib/spring-core-5.1.18.RELEASE.jar
Installed version : 5.1.18.RELEASE Fixed version : 5.2.20
Path : /confluence/synchrony-proxy/WEB-INF/lib/spring-core-5.1.18.RELEASE.jar
Installed version : 5.1.18.RELEASE Fixed version : 5.2.20
How can we remediate it?
Can we upgrade Confluence to solve this?
Hi @Mengmeng Yu,
Currently, the Atlassian team is investigating this security issue (https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172). You will find the official patch/workaround at the end of that investigation through the Atlassian Security Advisories: https://www.atlassian.com/trust/security/advisories
Hope this helps,
Fabio
Hi @Mengmeng Yu
Please also keep an eye on Atlassian's FAQ for CVE-2022-22965 for new information.