/plushcap/analysis/cloudflare/cloudflare-customers-are-protected-from-the-atlassian-confluence-cve-2022-26134

Cloudflare customers are protected from the Atlassian Confluence CVE-2022-26134

What's this blog post about?

On June 2, 2022, Atlassian issued a security advisory for their Confluence Server and Data Center applications, warning of a critical severity unauthenticated remote code execution vulnerability (CVE-2022-26134). The flaw affects all versions of Confluence Server and Data Center versions greater than 1.3.0. Atlassian has released a patch, urging customers to update immediately. Cloudflare's WAF and Access features already protect their customers from this vulnerability. On June 2, 2022, at 23:38 UTC, Cloudflare deployed an emergency release with a mitigation rule for the vulnerability. This rule automatically protected all websites using Cloudflare WAF, including free customers. Access users were also protected from external exploitation attempts before the emergency release.

Company
Cloudflare

Date published
June 3, 2022

Author(s)
Reid Tatoris, Daniel Stinson-Diess, Sourov Zaman, Vaibhav Singhal

Word count
328

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.