Executive Summary
Atlassian Confluence has been hit by an actively exploited zero-day vulnerability. This vulnerability allows external attackers to create unauthorized Confluence administrator accounts and gain access to Confluence servers.
Atlassian has released fixes to contain the vulnerability.
Organizations running the impacted versions are urged to follow Atlassian’s recommendations to mitigate the risk, given that exploitation has been reported.
About the Vulnerability
The vulnerability, tracked as CVE-2023-22515, has been assigned a CVSS score of 10.0 by Atlassian (a NIST score was not yet available when this news was written).
The vulnerability allows external attackers to create unauthorized Confluence administrator accounts and gain access to Confluence servers. This can potentially lead to unauthorized access to sensitive information and unauthorized actions within the affected Confluence instances.
It is remotely exploitable and affects publicly accessible Confluence Data Center and Server instances.
Atlassian highlights that Atlassian Cloud sites (Confluence sites accessed via an atlassian.net domain) are not affected by this vulnerability.
Impacted Versions:
- 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4
- 8.1.0, 8.1.1, 8.1.3, 8.1.4
- 8.2.0, 8.2.1, 8.2.2, 8.2.3
- 8.3.0, 8.3.1, 8.3.2
- 8.4.0, 8.4.1, 8.4.2
- 8.5.0, 8.5.1
Fixed Versions:
- 8.3.3 or later
- 8.4.3 or later, and
- 8.5.2 (Long Term Support release) or later
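To turn the two version lists above into a repeatable inventory check, the following Python script (an added example, not part of the advisory or Atlassian's own tooling) classifies each Confluence Server / Data Center instance as vulnerable, fixed, or not named by the advisory, and names the upgrade target for vulnerable ones. The impacted and fixed version lists are copied from the advisory; the hostnames and the inventory are constructed sample data, and the "unlisted" category (pre-8.0 releases, Cloud sites, or 8.x builds absent from both lists) is this script's own convention for versions the advisory does not mention.

```python
"""Triage a Confluence Server / Data Center inventory against the
CVE-2023-22515 version lists. Example code, not Atlassian's."""
import re

# Impacted versions exactly as listed in the advisory.
IMPACTED_VERSIONS = {
    "8.0.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4",
    "8.1.0", "8.1.1", "8.1.3", "8.1.4",
    "8.2.0", "8.2.1", "8.2.2", "8.2.3",
    "8.3.0", "8.3.1", "8.3.2",
    "8.4.0", "8.4.1", "8.4.2",
    "8.5.0", "8.5.1",
}

# Minimum fixed release per branch, from the advisory. The 8.0-8.2 branches
# have no fixed release of their own, so the lowest fixed version (8.3.3)
# is used as their upgrade target.
FIXED_MINIMUM = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),  # Long Term Support release
}
LOWEST_FIX = (8, 3, 3)
LATEST_LISTED_FIX = (8, 5, 2)  # anything at or above this is "or later"


def parse_version(text: str) -> tuple:
    """Parse 'major.minor.patch' into a comparable integer tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def fmt(v: tuple) -> str:
    return ".".join(str(x) for x in v)


def triage(version: str, cloud: bool = False) -> dict:
    """Classify one instance and, if vulnerable, name the upgrade target."""
    if cloud:
        # Advisory: Atlassian Cloud (atlassian.net) sites are not affected.
        return {"status": "not-affected", "upgrade_to": None}
    v = parse_version(version)
    branch_fix = FIXED_MINIMUM.get(v[:2])
    if version in IMPACTED_VERSIONS:
        return {"status": "vulnerable", "upgrade_to": fmt(branch_fix or LOWEST_FIX)}
    if (branch_fix and v >= branch_fix) or v >= LATEST_LISTED_FIX:
        return {"status": "fixed", "upgrade_to": None}
    # Not named by the advisory (e.g. 7.x, or an 8.x build missing from
    # both lists): flag for manual confirmation rather than guessing.
    return {"status": "unlisted", "upgrade_to": None}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    {"host": "wiki-prod.example.internal", "version": "8.4.1", "cloud": False},
    {"host": "wiki-dev.example.internal", "version": "8.5.2", "cloud": False},
    {"host": "wiki-legacy.example.internal", "version": "7.19.14", "cloud": False},
    {"host": "example.atlassian.net", "version": "n/a", "cloud": True},
]


def patch_list(inventory: list) -> list:
    """Return (host, current_version, upgrade_to) for every vulnerable host."""
    out = []
    for item in inventory:
        result = triage(item["version"], item["cloud"])
        if result["status"] == "vulnerable":
            out.append((item["host"], item["version"], result["upgrade_to"]))
    return out


if __name__ == "__main__":
    for item in SAMPLE_INVENTORY:
        print(f'{item["host"]:32} {item["version"]:8} {triage(item["version"], item["cloud"])}')
    print("hosts to upgrade:", patch_list(SAMPLE_INVENTORY))
```

Feed it the output of whatever asset inventory records the Confluence version (the version is shown in the product's administration console), and treat any "unlisted" result as something to confirm against the advisory by hand rather than as a clean bill of health.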
Atlassian Response and Recommendations
Atlassian has published a security advisory on the vulnerability, including vulnerability details, impacted versions, fixed versions, recommended mitigation steps for the customers unable to update, and how to detect the threat.
The advisory also indicates that:
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
It is of utmost importance that Confluence Server and Data Center customers using impacted versions immediately update to a fixed version or implement mitigations recommended by Atlassian.
Taking immediate action is crucial to protect Confluence instances from unauthorized access and potential exploitation. Please visit the security advisory for detailed information from Atlassian.