Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
Described as an improper authorization vulnerability affecting all versions of Confluence Data Center and Confluence Server software, the bug is tracked as CVE-2023-22518 and puts publicly accessible instances at critical risk.
While threat actors could use the flaw to destroy data on affected servers, the bug doesn't impact confidentiality as it can't be exploited to exfiltrate instance data. Atlassian Cloud sites accessed via an atlassian.net domain are also unaffected by this vulnerability.
"As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker," said Bala Sathiamurthy, Atlassian's Chief Information Security Officer (CISO).
"There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances."
The company fixed the critical CVE-2023-22518 vulnerability in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.
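To triage an inventory against the fixed releases listed above, the following added example (not Atlassian's code) classifies each instance by release line and sorts Internet-exposed, unpatched hosts to the top. The hostnames and inventory rows are constructed, and treating later patch releases and release lines newer than 8.6 as fixed is an assumption.

```python
import re

# Fixed releases named in the article, keyed by release line (major, minor).
FIXED = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}
NEWEST_LINE = max(FIXED)

def parse_version(text):
    """Return (major, minor, patch) from strings such as '8.5.2' or 'v7.19.16-m1'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(version):
    """Classify one Confluence Data Center / Server version string."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED:
        # Assumption: later patch releases on a fixed line keep the fix.
        if patch >= FIXED[line]:
            return "fixed"
        return f"vulnerable: upgrade to {major}.{minor}.{FIXED[line]}"
    if line > NEWEST_LINE:
        # Assumption: lines released after 8.6 already include the fix.
        return "fixed (assumed, newer line)"
    # No fixed release is listed for this line, so it must move to one that is.
    target = min(l for l in FIXED if l > line)
    return f"vulnerable: no fix on {major}.{minor}.x, move to {target[0]}.{target[1]}.{FIXED[target]}"

def triage_inventory(rows):
    """rows: (hostname, version, internet_exposed). Exposed and vulnerable hosts sort first."""
    report = []
    for host, version, exposed in rows:
        status = triage(version)
        report.append((host, version, status, exposed and status.startswith("vulnerable")))
    return sorted(report, key=lambda r: (not r[3], r[2].startswith("fixed"), r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("wiki-int.example", "8.5.3", False),
    ("wiki-ext.example", "8.5.2", True),
    ("docs.example", "7.13.20", True),
    ("kb.example", "8.1.4", False),
    ("new.example", "8.7.1", True),
]

if __name__ == "__main__":
    for host, version, status, urgent in triage_inventory(SAMPLE):
        print(f"{host:18} {version:9} {status}" + ("  [exposed: patch first]" if urgent else ""))
```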
Atlassian warned admins to upgrade to a fixed version immediately and, if that isn't possible, to apply mitigation measures, including backing up unpatched instances and blocking Internet access until they're upgraded.
"Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," the company said.
Earlier this month, CISA, FBI, and MS-ISAC warned network admins to immediately patch Atlassian Confluence servers against an actively exploited privilege escalation flaw tracked as CVE-2023-22515.
"Due to the ease of exploitation, CISA, FBI, and MS-ISAC expect to see widespread exploitation of unpatched Confluence instances in government and private networks," the joint advisory warned.
Microsoft revealed that the Chinese-backed Storm-0062 (aka DarkShadow or Oro0lxy) threat group had exploited the flaw as a zero-day since at least September 14, 2023.
Patching vulnerable Confluence servers as soon as possible is of utmost importance, seeing that they were previously targeted in widespread attacks pushing Linux botnet malware, crypto miners, and AvosLocker and Cerber2021 ransomware.