Finding Confluence servers (again) with Rumble
Last updated on June 3, 2022 at 06:00 CDT (-0600)
An actively exploited zero-day has surfaced in popular wiki software Confluence. Deemed “critical” in severity, this vulnerability affects all supported versions of Confluence Server and Confluence Data Center, and also older, unsupported versions (i.e. everything after version 1.3.0). Hosted instances within Atlassian Cloud are reportedly protected from exploitation.
Upon successful exploitation via OGNL template injection, this vulnerability (tracked as CVE-2022-26134) can provide unauthenticated remote code execution (RCE) to an attacker. Cybersecurity firm Volexity discovered the vulnerability while performing incident response, and noted, confirmed, and disclosed the actively exploited attack vector to Atlassian.
Atlassian has made fixes available for a number of versions and strongly encourages admins to update. If patching in the near term isn’t viable, mitigation strategies to limit exploitation opportunities are also provided. CISA has added this zero-day to its Known Exploited Vulnerabilities Catalog, with advice to block internet access to affected Confluence products.
product:confluence OR (_asset.protocol:http AND protocol:http AND has:http.head.xConfluenceRequestTime)
Don’t have Rumble and need help finding vulnerable Confluence instances? Start your Rumble trial today.
June 21, 2022
Finding Microsoft VPN/PPTP with Rumble
Last month, researcher Alex Nichols at Nettitude reported a vulnerability in Microsoft’s Windows VPN software that could allow for remote code execution or local privilege escalation by an attacker. This vulnerability lies in a use-after-free condition that can occur in the …Read More
May 12, 2022
Wrangling the May 2022 Patch Tuesday
Microsoft recently released security updates for over 70 vulnerabilities, including 3 zero-days and 7 critical vulnerabilities that affect a wide-range of their products and services. The list of patches covers an actively exploited zero-day vulnerability in the Windows …Read More
May 5, 2022
Finding F5 BIG-IP instances
Technology vendor F5 recently published information on over 40 vulnerabilities, mostly affecting their BIG-IP line of products. While these vulnerabilities include a mix of types and severities, a particular authentication bypass vulnerability that can affect all BIG-IP …Read More