Cloud-Based Adversary Capitalizes on Confluence Servers

January 6, 2023

If you are the owner of a server, you are probably aware that several security researchers have identified a cloud-based adversary capitalizes on confluence servers and trying to gain access. The reason this type of attack is taking place is due to a vulnerability in the way Confluence RCE (Remote Code Execution) functions.

Exploiting a Confluence RCE vulnerability

Confluence is a web-based team collaboration platform that’s popular among large organizations. It used to build internal wikis and knowledge bases. But recently, attackers have been able to exploit a Confluence RCE vulnerability that could lead to the remote exploitation of arbitrary commands. This makes it an attractive target for the initial entry of an attacker into a corporate network.

The CVE-2022-26134 zero-day vulnerability used by attackers to run arbitrary code on a vulnerable Confluence Server. It can access through specially-crafted HTTP requests. The response header then read to allow the attacker to execute arbitrary commands.

Atlassian issued a security advisory to address the issue. It details the vulnerabilities and offers suggestions for mitigating the impact. It recommends updating to a recent version and disabling servers.


Earlier this week, a vulnerability in the Atlassian Confluence Server and Confluence Data Center exploited. This zero-day flaw allows unauthenticated remote attackers to execute privileged commands and potentially steal valuable information from systems. Specifically, it’s an RCE vulnerability that could allow attackers to install a web shell on the system, and even to take over domains.

A security advisory was issued by the company describing the vulnerability. The company said that the flaw is critical and should patched. The issue assigned a CVE, which means that it publicly tracked.

The flaw actively exploited in the wild. Researchers have identified dozens of IP addresses that have attempted to exploit the flaw. The attack appears to target, as evidenced by the fact that the attack was not attempting to pivot from one machine to another.


A zero-day flaw in the Atlassian Confluence Server has allowed hackers to take control of servers and deploy ransomware. The flaw used in attacks against both Linux and Windows systems. These attacks now abused to mine cryptocurrency.

The vulnerability, referred to as CVE-2022-26134, discovered by Volexity researchers. Volexity detected a suspicious intrusion at a customer location and reported the flaw to Atlassian. They then published a technical writeup on the issue and released a proof-of-concept exploit.

The Atlassian Confluence Server vulnerability allows an unauthenticated user to drop an in-memory-only Web shell on the server. Once the shell deployed, it gives the attacker a persistent backdoor. This is important because it lets the attacker launch arbitrary commands on the system. The shell can also used to drop other malware on the system.

Smart Links

Using Smart Links on Confluence Servers allows users to share information with colleagues. Embedded content is easy to use and brings the link’s content and experience into the Atlassian product. This provides users with the ideal overview without leaving the page.

For example, if you create a Jira Roadmap within your business project, you can embed it into Confluence. In the embeddable Roadmap, you can resize it to fit your page. You can also manage dependencies. This will help you maintain the flow of work and avoid data silos.

Confluence offers a wealth of templates, which you can use to boost your personal productivity and improve teamwork. These include annual review templates, weekly financial statements, and project kick-off templates. These templates allow you to ensure that your team’s content remains consistent, whether you’re working together in the same office or on different projects.

Monitoring and logging capabilities

Monitoring and logging capabilities of Confluence Servers are vital for knowing when connection and email delivery problems occur. In addition to monitoring, it is also important to understand the latencies involved in searching.

The Atlassian audit log is an excellent source for identifying issues and determining which settings configured correctly. However, it is not a foolproof method for determining whether a particular configuration is appropriate.

The best way to monitor Confluence is to use the JMX feature. This allows you to monitor your Confluence instance in real time. It does this in a similar fashion to existing application metrics, and it is even possible to configure the system to send specific entries to different log files.

The Java Management Extensions (JMX) feature can use to detect and diagnose performance problems, or to identify potential security risks. Using JMX, you can access a large array of metrics.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Data Security Through Data Literacy

Data Security Through Data Literacy

Unlocking data security through data literacy. Explore the pivotal role of understanding data in fortifying cybersecurity measures. Data is now pervasive, and it is important for people to understand how to work with this information. They need to be able to interpret...

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle drops malware. Stay vigilant against cybersecurity threats, and secure your online anonymity with caution. Threat actors have been using Trojanized installers for the Tor browser to distribute clipboard-injector malware that siphons...

Siri Privacy Risks: Unveiling the Dangers

Siri Privacy Risks: Unveiling the Dangers

Unveiling Siri privacy risks: Understand the potential dangers and take steps to enhance your digital assistant's security. Siri is a great piece of technology, but it can also be dangerous to users’ privacy. This is a serious issue that should be addressed....

Recent Case Studies

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us