Atlassian has issued a patch for a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability, tracked as CVE-2022-26134, has a CVSS score of 10 out of 10 for criticality. The U.S. Cybersecurity and Infrastructure Security Agency has asked all federal agencies to block all internet traffic to and from Atlassian’s Confluence Server and Data Center products that are in their respective agencies’ use. Atlassian also says that the vulnerability only affects the above products and their respective versions and that the Atlassian Cloud sites are still secured.”]
Source: https://www.cuinfosecurity.com/atlassian-issues-patch-for-critical-confluence-zero-day-a-19199