Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence
Blog post from Sysdig
A critical zero-day vulnerability, CVE-2022-26134, has been discovered in Atlassian Confluence. It affects all supported versions of Confluence Server and Data Center and allows unauthenticated users to execute arbitrary commands remotely. The vulnerability is being actively exploited and poses a significant security risk, because attackers can gain full control of affected systems without authentication. Atlassian has released fixed versions to address the issue, and users are urged to upgrade immediately to protect their environments. Detection and mitigation strategies include using tools like Falco to identify suspicious activity and prevent exploitation while waiting for updates. The vulnerability does not impact Atlassian Cloud sites. The complexity of the exploit remains unclear, making detection challenging.