当前位置:网站首页>[vulnerability warning] cve-2022-26134 conflict Remote Code Execution Vulnerability POC verification and repair process
[vulnerability warning] cve-2022-26134 conflict Remote Code Execution Vulnerability POC verification and repair process
2022-07-05 16:09:00 【yuanfan2012】
【 Vulnerability warning 】CVE-2022-26134 Confluence Remote code execution vulnerability POC Verification and repair process
One 、 Vulnerability Details
Atlassian Confluence yes Atlassian Professional products of the company wiki Program . It can be used as a tool for knowledge management , It enables collaboration and knowledge sharing among team members .
2022 year 6 month 3 Japan ,Atlassian Official announcement , Disclosure exists CVE-2022-26134 Confluence Remote Code Execution Vulnerability wild attack vulnerability event . Vulnerability exploitation does not require identity authentication , It can directly execute arbitrary code remotely in the foreground .
Vulnerability Details :
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Atlassian It's official Confluence Server and Data Center OGNL Inject holes (CVE-2022-26134) Safety notice of , Remote attackers without authentication , Constructible OGNL Expression injection , Realize in Confluence Server or Data Center Execute arbitrary code on ,CVSS The score is 10.
Currently, the details of this vulnerability are PoC Has been publicly disclosed , And it is detected that there is wild utilization . Please take measures for protection as soon as possible .
( Click to enlarge the picture )
Two 、 Vulnerability detection
1、 Manual inspection
Users can view the current Confluence Is the version within the affected range , Check whether the current service is affected by this vulnerability .
Click on the image , choice “ About Confluence”, You can view the current version .
( Click to enlarge the picture )
2、POC testing
As shown in the figure below ,POC Script for attack testing
It can be seen that arbitrary code execution can be carried out , Get it directly to the server Shell Background permissions
( Click to enlarge the picture )
3、 ... and 、 Vulnerability protection measures
3.1 Officially upgrade to the safe version
The official recommends that users upgrade to the latest version , To ensure the security and stability of the service .
( Click to enlarge the picture )
Download link :https://www.atlassian.com/software/confluence/download-archives
3.2、 Temporary protective measures
about Confluence 7.15.0 - 7.18.0:aaa
( Click to enlarge the picture )
about Confluence 7.0.0 - Confluence 7.14.2:
( Click to enlarge the picture )
disclaimer : The above vulnerability information is collected on the Internet , If there is something wrong , Please kindly understanding . If there is infringement , Please contact the author of this article to delete .
Four 、 Vulnerability repair process practice
Let's say 7.4.1 Version as an example , Use temporary protective measures to repair
First download the following three files and upload them to confluence The server
https://packages.atlassian.com/maven-internal/opensymphony/xwork/1.0.3-atlassian-10/xwork-1.0.3-atlassian-10.jar
https://packages.atlassian.com/maven-internal/opensymphony/webwork/2.1.5-atlassian-4/webwork-2.1.5-atlassian-4.jar
https://confluence.atlassian.com/doc/files/1130377146/1137639562/3/1654274890463/CachedConfigurationProvider.class
Repair process
[[email protected] ~]# cd /opt/CVE-2022-26134_repair/
[[email protected] CVE-2022-26134_repair]# ll
total 524
-rw-r--r--. 1 root root 7186 Jun 5 10:55 CachedConfigurationProvider.class
-rw-r--r--. 1 root root 352630 Oct 14 2021 webwork-2.1.5-atlassian-4.jar
-rw-r--r--. 1 root root 170369 Jun 2 16:39 xwork-1.0.3-atlassian-10.jar
[[email protected] CVE-2022-26134_repair]#
[[email protected] CVE-2022-26134_repair]#
[[email protected] CVE-2022-26134_repair]#
[[email protected] CVE-2022-26134_repair]# cd /opt/atlassian/confluence/
[[email protected] confluence]# ll
total 1340
-rw-r--r--. 1 root root 975517 Jun 5 10:33 atlassian-agent.jar
drwxr-xr-x. 3 root root 4096 Jun 5 10:35 bin
-rw-r--r--. 1 root root 19540 Jun 11 2020 BUILDING.txt
drwxr-xr-x. 3 root root 4096 Jun 5 10:31 conf
drwxr-xr-x. 27 root root 4096 Jun 5 10:31 confluence
-rw-r--r--. 1 root root 5545 Jun 11 2020 CONTRIBUTING.md
-rw-r--r--. 1 root root 128417 Jun 5 10:31 install.reg
drwxr-xr-x. 7 root root 4096 Jun 5 10:31 jre
drwxr-xr-x. 2 root root 4096 Jun 5 10:31 lib
-rw-r--r--. 1 root root 58153 Jun 11 2020 LICENSE
drwxr-xr-x. 2 root root 69632 Jun 5 10:31 licenses
drwx------. 2 confluence root 4096 Jun 5 10:35 logs
-rw-r--r--. 1 root root 2401 Jun 11 2020 NOTICE
-rw-r--r--. 1 root root 2291 Jun 11 2020 README.html
-rw-r--r--. 1 root root 3334 Jun 11 2020 README.md
-rw-r--r--. 1 root root 1202 Jun 11 2020 README.txt
-rw-r--r--. 1 root root 7072 Jun 11 2020 RELEASE-NOTES
-rw-r--r--. 1 root root 16738 Jun 11 2020 RUNNING.txt
drwxr-xr-x. 4 root root 4096 Jun 5 10:31 synchrony-proxy
drwx------. 3 confluence root 4096 Jun 5 10:39 temp
-rwx------. 1 root root 13586 Jun 11 2020 uninstall
drwxr-xr-x. 2 root root 4096 Jun 11 2020 webapps
drwx------. 3 confluence root 4096 Jun 5 10:35 work
[[email protected] confluence]# cd confluence/WEB-INF/lib/
[[email protected] lib]# mkdir /opt/old_backup
[[email protected] lib]# mv xwork-1.0.3.6.jar /opt/old_backup/
[[email protected] lib]# mv webwork-2.1.5-atlassian-3.jar /opt/old_backup/
[[email protected] lib]# cp /opt/CVE-2022-26134_repair/xwork-1.0.3-atlassian-10.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
[[email protected] lib]# cp /opt/CVE-2022-26134_repair/webwork-2.1.5-atlassian-4.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
[[email protected] lib]#
[[email protected] lib]# cd /opt/atlassian/confluence/confluence/WEB-INF/classes/com/atlassian/confluence/setup/
[[email protected] setup]# ll
total 732
-rw-r--r--. 1 root root 280 Jun 11 2020 atlassian-bundled-plugins.zip
-rw-r--r--. 1 root root 737335 Jun 11 2020 demo-site.zip
-rw-r--r--. 1 root root 15 Jun 11 2020 hsqldb-server.acl
[[email protected] setup]# mkdir webwork
[[email protected] setup]# cd webwork/
[[email protected] webwork]# cp /opt/CVE-2022-26134_repair/CachedConfigurationProvider.class ./
[[email protected] webwork]#
( Click to enlarge the picture )
restart confluence service
/opt/atlassian/confluence/bin/stop-confluence.sh
/opt/atlassian/confluence/bin/start-confluence.sh
( Click to enlarge the picture )
POC It can be seen from the verification that code vulnerability execution is no longer possible , The vulnerability was repaired successfully
边栏推荐
猜你喜欢
ES6 deep - ES6 class class
18.[STM32]读取DS18B20温度传感器的ROM并实现多点测量温度
Five common negotiation strategies of consulting companies and how to safeguard their own interests
Clock switching with multiple relationship
Use of set tag in SQL
ES6深入—async 函数 与 Symbol 类型
Intel 13th generation Raptor Lake processor information exposure: more cores, larger cache
Arduino控制微小的六足3D打印机器人
CISP-PTE之SQL注入(二次注入的应用)
ES6深入—ES6 Generator 函数
随机推荐
Quick completion guide for manipulator (IX): forward kinematics analysis
Codasip为RISC-V处理器系列增加Veridify安全启动功能
[brief notes] solve the problem of IDE golang code red and error reporting
18.[stm32] read the ROM of DS18B20 temperature sensor and realize multi-point temperature measurement
Solve the Hanoi Tower problem [modified version]
对象和类的关系
Modify PyUnit_ Time makes it support the time text of 'xx~xx months'
Fundamentals of data communication - Principles of IP routing
obj解析为集合
Parameter type setting error during batch update in project SQL
漫画:什么是蓝绿部署?
Use of set tag in SQL
Research and development efficiency measurement index composition and efficiency measurement methodology
RepLKNet:不是大卷积不好,而是卷积不够大,31x31卷积了解一下 | CVPR 2022
Codasip adds verify safe startup function to risc-v processor series
Five common negotiation strategies of consulting companies and how to safeguard their own interests
Cs231n notes (top) - applicable to 0 Foundation
项目中批量update
Subclasses and superclasses of abstract classes
助力数字经济发展,夯实数字人才底座—数字人才大赛在昆成功举办