Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

Atlassian CVE-2022-26134

Max room.

An interactive lab showcasing the Confluence Server and Data Center un-authenticated RCE vulnerability.

easy

20 min

9,065

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

On May the 30th, 2022, an organisation named Volexity identified an un-authenticated vulnerability (scoring 9.8 on ) within Atlassian's Confluence Server and Data Center editions (opens in new tab).

Confluence is a collaborative documentation and project management framework for teams. Confluence helps track project status by offering a centralised workspace for members.

The following versions of Confluence are vulnerable to this :

  • 1.3.0 -> 7.4.17
  • 7.13.0 -> 7.13.7
  • 7.14.0 -> 7.14.3 
  • 7.15.0 -> 7.15.2 
  • 7.16.0 -> 7.16.4
  • 7.17.0 -> 7.17.4
  • 7.18.0 -> 7.18.1 

You can view the entry for -2022-26134 here (opens in new tab).

Answer the questions below
What is the full CVE entry for this exploit?

You discover a server running Confluence with the version of 7.16.2, is this vulnerable? 
Answer format: yay/nay