Critical Remote Code Execution Vulnerability CVE-2022-26134 in Atlassian Confluence – Description, Impact, and Mitigation Steps
Atlassian Confluence suffers a severe, easily exploitable remote code execution flaw (CVE-2022-26134) that allows unauthenticated attackers to run arbitrary commands, affecting multiple versions and prompting both official upgrade recommendations and detailed temporary mitigation procedures, while Xmirror's Cloud Shark RASP offers innate protection.
Atlassian recently issued a security advisory for a critical remote code execution vulnerability (CVE-2022-26134) in Confluence, which can be exploited without any authentication by injecting malicious OGNL expressions to execute arbitrary commands on the server.
The flaw is low-complexity, widely applicable, and has already been publicly disclosed, making further exploitation likely. Affected versions include Confluence Server and Data Center releases prior to 7.4.17, 7.5.0 up to (but not including) 7.13.7, 7.14.0 up to 7.14.3, 7.15.0 up to 7.15.2, 7.16.0 up to 7.16.4, 7.17.0 up to 7.17.4, and 7.18.0 up to 7.18.1.
Official remediation: Atlassian recommends upgrading to the latest safe releases (7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1) and provides the download link https://www.atlassian.com/software/confluence/download-archives.
Temporary mitigation for Confluence 7.15.0-7.18.0 (clustered deployments): a) Stop Confluence; b) Download https://packages.atlassian.com/maven-internal/opensymphony/xwork/1.0.3-atlassian-10.jar; c) Remove or relocate the old <confluence-install>/confluence/WEB-INF/lib/xwork-1.0.3-atlassian-8.jar; d) Copy the new JAR to <confluence-install>/confluence/WEB-INF/lib/; e) Ensure file permissions match other files in that directory; f) Restart Confluence.
Temporary mitigation for Confluence 7.0.0-7.14.2 (clustered deployments): a) Stop Confluence; b) Download three files: https://packages.atlassian.com/maven-internal/opensymphony/xwork/1.0.3-atlassian-10.jar, https://packages.atlassian.com/maven-internal/opensymphony/webwork/2.1.5-atlassian-4/webwork-2.1.5-atlassian-4.jar, and https://confluence.atlassian.com/doc/files/1130377146/1137639562/3/1654274890463/CachedConfigurationProvider.class; c) Delete or move the old <confluence-install>/confluence/WEB-INF/lib/xwork-1.0.3.6.jar and <confluence-install>/confluence/WEB-INF/lib/webwork-2.1.5-atlassian-3.jar; d) Copy the new JARs to <confluence-install>/confluence/WEB-INF/lib/; e) Copy CachedConfigurationProvider.class to a newly created <confluence-install>/confluence/WEB-INF/classes/com/atlassian/confluence/setup/webwork directory; f) Align file permissions with the other files; g) Restart Confluence.
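As an added example (not Atlassian's tooling and not part of the original article), the following Python script encodes the affected-version ranges listed above and checks whether the files named in the temporary workaround are in place under a Confluence install directory, for both version branches. The directory layout and file names are taken from the mitigation steps; the install path argument and the sample directory trees built by demo() are constructed for illustration only and contain placeholder bytes rather than real JARs.

```python
"""Check a Confluence Server/Data Center install against CVE-2022-26134.

Added example, not Atlassian's or Xmirror's code. Version ranges and
workaround file names come from the advisory summary; everything else
(install path, sample trees) is constructed for illustration.
"""
import tempfile
from pathlib import Path

# (lower_inclusive, upper_exclusive) as given in the advisory summary.
# The first range has no lower bound: every release before 7.4.17 is affected.
AFFECTED_RANGES = [
    (None, (7, 4, 17)),
    ((7, 5, 0), (7, 13, 7)),
    ((7, 14, 0), (7, 14, 3)),
    ((7, 15, 0), (7, 15, 2)),
    ((7, 16, 0), (7, 16, 4)),
    ((7, 17, 0), (7, 17, 4)),
    ((7, 18, 0), (7, 18, 1)),
]

LIB = Path("confluence/WEB-INF/lib")
CLASS_DIR = Path("confluence/WEB-INF/classes/com/atlassian/confluence/setup/webwork")

# branch -> (files the workaround removes, files the workaround adds)
WORKAROUNDS = {
    "7.15-7.18": (
        [LIB / "xwork-1.0.3-atlassian-8.jar"],
        [LIB / "xwork-1.0.3-atlassian-10.jar"],
    ),
    "7.0-7.14": (
        [LIB / "xwork-1.0.3.6.jar", LIB / "webwork-2.1.5-atlassian-3.jar"],
        [LIB / "xwork-1.0.3-atlassian-10.jar",
         LIB / "webwork-2.1.5-atlassian-4.jar",
         CLASS_DIR / "CachedConfigurationProvider.class"],
    ),
}


def parse_version(text):
    """'7.13.6' -> (7, 13, 6); tolerates suffixes such as '7.13.6-rc1'."""
    core = text.strip().split("-", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '7.18' -> (7, 18, 0)


def is_affected(version_text):
    """True when the version falls inside one of the advisory's ranges."""
    v = parse_version(version_text)
    return any((lo is None or lo <= v) and v < hi for lo, hi in AFFECTED_RANGES)


def workaround_branch(version_text):
    """Which documented temporary workaround applies, or None (upgrade)."""
    v = parse_version(version_text)
    if (7, 15, 0) <= v <= (7, 18, 0):
        return "7.15-7.18"
    if (7, 0, 0) <= v <= (7, 14, 2):
        return "7.0-7.14"
    return None


def workaround_status(install_dir, version_text):
    """Return (applied, problems); problems lists leftover or missing paths."""
    branch = workaround_branch(version_text)
    if branch is None:
        return False, ["no temporary workaround documented for this version; upgrade"]
    must_be_gone, must_exist = WORKAROUNDS[branch]
    root = Path(install_dir)
    problems = [f"old file still present: {p}" for p in must_be_gone if (root / p).exists()]
    problems += [f"new file missing: {p}" for p in must_exist if not (root / p).exists()]
    return not problems, problems


def build_sample_install(root, branch, patched):
    """Create a constructed tree that mimics an install before/after the workaround."""
    root = Path(root)
    must_be_gone, must_exist = WORKAROUNDS[branch]
    for p in (must_exist if patched else must_be_gone):
        (root / p).parent.mkdir(parents=True, exist_ok=True)
        (root / p).write_bytes(b"constructed placeholder, not a real JAR")
    return root


def demo():
    """Run the check on constructed trees; maps (version, patched) -> applied."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for version, branch in (("7.13.6", "7.0-7.14"), ("7.18.0", "7.15-7.18")):
            for patched in (False, True):
                root = build_sample_install(Path(tmp) / f"{version}-{patched}", branch, patched)
                applied, _ = workaround_status(root, version)
                results[(version, patched)] = applied
    return results


if __name__ == "__main__":
    for key, applied in demo().items():
        print(key, "workaround applied" if applied else "NOT mitigated")
```

Run the script against a real install by calling workaround_status("/path/to/confluence", "7.13.6"); on a cluster, repeat the check on every node, since the mitigation steps above must be applied per node. A False result with an empty file list means no temporary workaround is documented for that version and only the upgrade applies.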
The Xmirror Cloud Shark RASP platform provides adaptive threat‑immune protection that is naturally immune to CVE‑2022‑26134 without requiring rule updates, leveraging runtime context‑aware AI detection, vulnerability‑immune algorithms, and deep traffic learning.
About Xmirror Security: founded in 2014 by the Peking University network security research team, Xmirror delivers a third‑generation DevSecOps solution integrating threat modeling, open‑source governance, risk discovery, and continuous detection‑response across cloud‑native, software‑supply‑chain, and application security domains.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.