Cloudflare customers are protected from the Atlassian Confluence CVE-2022-26134
On June 2, 2022, Atlassian issued a security advisory for their Confluence Server and Data Center applications, warning of a critical severity unauthenticated remote code execution vulnerability (CVE-2022-26134). The flaw affects all versions of Confluence Server and Data Center versions greater than 1.3.0. Atlassian has released a patch, urging customers to update immediately. Cloudflare's WAF and Access features already protect their customers from this vulnerability. On June 2, 2022, at 23:38 UTC, Cloudflare deployed an emergency release with a mitigation rule for the vulnerability. This rule automatically protected all websites using Cloudflare WAF, including free customers. Access users were also protected from external exploitation attempts before the emergency release.
Company
Cloudflare
Date published
June 3, 2022
Author(s)
Reid Tatoris, Daniel Stinson-Diess, Sourov Zaman, Vaibhav Singhal
Word count
328
Language
English
Hacker News points
None found.