Multiple cybercriminal and state-sponsored threat groups are exploiting a recently fixed Confluence Server vulnerability, according to Microsoft.
Unauthenticated attackers can use the flaw, tracked as CVE-2022-26134, to execute code remotely. It affects all supported versions of Confluence Server and Data Center, and Atlassian has patched it with the release of versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1. Although the vulnerability was exploited as a zero-day before it was discovered, the number of attacks has increased dramatically since its discovery.
The first exploits for CVE-2022-26134 appeared to originate in China and were aimed at distributing web shells. GreyNoise, a threat intelligence firm, has spotted over 1,700 unique IP addresses attempting to exploit the flaw so far.
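A quick way to triage an inventory against the fixed releases listed above, as an added example that is not from Atlassian or Microsoft. The host names and inventory format are constructed, and the handling of branches the article does not list is an assumption noted in the comments.

```python
import re

# Fixed release per branch: (major, minor) -> minimum patch level,
# taken from the version list in the article.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}

def parse_version(text):
    """Parse 'X.Y.Z' into a tuple of ints so 7.4.9 sorts below 7.4.17."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version):
    """Return the CVE-2022-26134 patch status for one Confluence version."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch > max(FIXED):
        # Assumption: branches newer than 7.18 were cut after the fix.
        return "assumed-patched"
    # Assumption: the article lists no fixed build on this branch,
    # so the instance has to move to a branch that has one.
    return "upgrade-required"

def audit(inventory):
    """Return (host, version, status) for every host needing action."""
    findings = []
    for line in inventory.strip().splitlines():
        host, version = line.split()
        status = classify(version)
        if status in ("vulnerable", "upgrade-required"):
            findings.append((host, version, status))
    return findings

# Constructed sample inventory: "<host> <confluence version>" per line.
SAMPLE_INVENTORY = """
wiki-prod-01 7.4.9
wiki-prod-02 7.4.17
wiki-dev-01 7.18.0
wiki-legacy-01 7.12.5
wiki-new-01 7.19.0
"""

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host}\t{version}\t{status}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 7.4.9 above 7.4.17 and report an unpatched instance as fixed.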