¡¾Îó²îͨ¸æ¡¿ConfluenceÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2022-26134£©

Ðû²¼Ê±¼ä 2022-06-04

 

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2022-26134

·¢Ã÷ʱ¼ä

2022-06-03

Àà    ÐÍ

RCE

µÈ    ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP


ÔÚҰʹÓÃ

ÊÇ

 

0x01 Îó²îÏêÇé

ConfluenceÊÇAtlassian¹«Ë¾¿ª·¢µÄÒ»¿îרҵµÄÆóҵ֪ʶÖÎÀíÓëЭͬÈí¼þ£¬£¬£¬£¬ £¬£¬£¬³£ÓÃÓÚ¹¹½¨ÆóÒµwiki¡£¡£¡£

6ÔÂ2ÈÕ£¬£¬£¬£¬ £¬£¬£¬AtlassianÐû²¼Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬ £¬£¬£¬Åû¶ÁËConfluence Server ºÍConfluence Data CenterÖеÄÒ»¸öδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2022-26134£©£¬£¬£¬£¬ £¬£¬£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ10.0£¬£¬£¬£¬ £¬£¬£¬ÏÖÔÚÒѼì²âµ½Îó²îʹÓᣡ£¡£

ÔÚÊÜÓ°ÏìµÄConfluence Server ºÍ Data Center °æ±¾Öб£´æ OGNL ×¢ÈëÎó²î£¬£¬£¬£¬ £¬£¬£¬¸ÃÎó²îÔÊÐíÔÚδ¾­Éí·ÝÑéÖ¤µÄÇéÐÎÏ£¬£¬£¬£¬ £¬£¬£¬Í¨¹ý·¢ËͶñÒâµÄWebÇëÇó×¢ÈëÏÂÁ£¬£¬£¬ £¬£¬£¬ÊµÏÖÔÚÊÜÓ°ÏìµÄConfluence Server »ò Data Center ʵÀýÉÏÖ´ÐÐí§Òâ´úÂë¡£¡£¡£

 

Ó°Ïì¹æÄ£

Confluence Server ºÍ Data Center 1.3.0 < 7.4.17

Confluence Server ºÍ Data Center 7.13.0 < 7.13.7

Confluence Server ºÍ Data Center 7.14.0 < 7.14.3

Confluence Server ºÍ Data Center 7.15.0 < 7.15.2

Confluence Server ºÍ Data Center 7.16.0 < 7.16.4

Confluence Server ºÍ Data Center 7.17.0 < 7.17.4

Confluence Server ºÍ Data Center 7.18.0 < 7.18.1

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ´ËÎó²îÒѾ­ÐÞ¸´£¬£¬£¬£¬ £¬£¬£¬¼øÓÚ´ËÎó²îÕýÔÚ±»Æð¾¢Ê¹Ó㬣¬£¬£¬ £¬£¬£¬½¨ÒéÊÜÓ°ÏìÓû§ÊµÊ±Éý¼¶¸üе½ÒÔÏÂÐÞ¸´°æ±¾£¨°üÀ¨ÆäËüÐÞ¸´£©£º

Confluence Server ºÍ Data Center 1.3.0£ºÉý¼¶¸üе½7.4.17

Confluence Server ºÍ Data Center 7.13.0£ºÉý¼¶¸üе½7.13.7

Confluence Server ºÍ Data Center 7.14.0 £ºÉý¼¶¸üе½ 7.14.3

Confluence Server ºÍ Data Center 7.15.0 £ºÉý¼¶¸üе½ 7.15.2

Confluence Server ºÍ Data Center 7.16.0 £ºÉý¼¶¸üе½ 7.16.4

Confluence Server ºÍ Data Center 7.17.0 £ºÉý¼¶¸üе½ 7.17.4

Confluence Server ºÍ Data Center 7.18.0 £ºÉý¼¶¸üе½ 7.18.1

ÏÂÔØÁ´½Ó£º

https://www.atlassian.com/software/confluence/download-archives

»º½â²½·¥£º

ÈôÊÇÎÞ·¨Á¬Ã¦Éý¼¶Confluence£¬£¬£¬£¬ £¬£¬£¬¹ØÓÚConfluence 7.15.0 - 7.18.0¡¢Confluence 7.0.0 - Confluence 7.14.2µÄÓû§¿ÉÒԲο¼Atlassian¹Ù·½Í¨¸æÖÐÕë¶ÔCVE-2022-26134µÄ»º½â²½·¥¡£¡£¡£

²Î¿¼Á´½Ó£º

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

 

0x03 ²Î¿¼Á´½Ó

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://jira.atlassian.com/browse/CONFSERVER-79016

https://nvd.nist.gov/vuln/detail/CVE-2022-26134

https://mp.weixin.qq.com/s/tlCajE_LrfZOEiynqeHsiA

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2022-06-04

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø¹«Ë¾½¨ÉèÓÚ1996Ä꣬£¬£¬£¬ £¬£¬£¬²¢ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉî½»ËùÖÐС°åÕýʽ¹ÒÅÆÉÏÊУ¬£¬£¬£¬ £¬£¬£¬ÊǺ£ÄÚ¼«¾ßʵÁ¦µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÍøÂçÇå¾²²úÆ·¡¢¿ÉÐÅÇå¾²ÖÎÀíƽ̨¡¢Ç徲ЧÀÍÓë½â¾ö¼Æ»®µÄ×ÛºÏÌṩÉÌ¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬£¬£¬£¬ £¬£¬£¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÓзÖÖ§»ú¹¹£¬£¬£¬£¬ £¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÇþµÀϵͳºÍÊÖÒÕÖ§³ÖÖÐÐÄ£¬£¬£¬£¬ £¬£¬£¬²¢ÔÚ±±¾©¡¢ÉϺ£¡¢³É¶¼¡¢¹ãÖÝ¡¢³¤É³¡¢º¼ÖݵȶàµØÉèÓÐÑз¢ÖÐÐÄ¡£¡£¡£

¶àÄêÀ´£¬£¬£¬£¬ £¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬ £¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬ £¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£


¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ¡£¡£¡£

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬ £¬£¬£¬»ñÈ¡È«Çò×îÐÂÇå¾²×ÊѶ£º

image.png