[CVSS 10] Critical Confluence Vulnerability Requires Immediate Action

Executive Summary

Atlassian Confluence has been hit by an actively exploited zero-day vulnerability. This vulnerability allows external attackers to create unauthorized Confluence administrator accounts and gain access to Confluence servers.

Atlassian has released fixes to contain the vulnerability.

Organizations running the impacted versions are urged to follow Atlassian’s recommendations to mitigate the risk, given the reported exploitation in the wild.

About the Vulnerability

The vulnerability, tracked as CVE-2023-22515, has been assigned a CVSS of 10.0 by Atlassian (NIST score is not available as of the day this news is written).

The vulnerability allows external attackers to create unauthorized Confluence administrator accounts and gain access to Confluence servers. This can potentially lead to unauthorized access to sensitive information and unauthorized actions within the affected Confluence instances.

It is remotely exploitable and affects publicly accessible Confluence Data Center and Server instances.

Atlassian highlights that Atlassian Cloud sites (Confluence sites accessed via an atlassian.net domain) are not affected by this vulnerability.

Impacted Versions:

  • 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • 8.1.0, 8.1.1, 8.1.3, 8.1.4
  • 8.2.0, 8.2.1, 8.2.2, 8.2.3
  • 8.3.0, 8.3.1, 8.3.2
  • 8.4.0, 8.4.1, 8.4.2
  • 8.5.0, 8.5.1

Fixed Versions:

  • 8.3.3 or later
  • 8.4.3 or later, and
  • 8.5.2 (Long Term Support release) or later
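
A defender's first step is to check the fleet against the two lists above. The following is an added example, not Atlassian's tooling or code from this page: it classifies a Confluence Data Center/Server version string against the impacted and fixed versions exactly as listed here. The upgrade-target logic is this example's own choice (the lowest fixed release in the same 8.x branch, or the 8.5.2 Long Term Support release when the branch has no in-branch fix); versions in neither list are reported as "not-listed" rather than as safe, since the page makes no statement about them. The inventory at the bottom is constructed sample data.

```python
"""Classify Confluence Data Center / Server versions against the
CVE-2023-22515 impacted and fixed version lists.

Added example, not Atlassian's own tooling. Version lists are copied
from the advisory summary; the upgrade-target rule (in-branch fix, else
the 8.5.2 LTS release) is an assumption made for this example.
"""

from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Impacted versions, exactly as listed in the advisory summary.
IMPACTED = {
    (8, 0, 0), (8, 0, 1), (8, 0, 2), (8, 0, 3), (8, 0, 4),
    (8, 1, 0), (8, 1, 1), (8, 1, 3), (8, 1, 4),
    (8, 2, 0), (8, 2, 1), (8, 2, 2), (8, 2, 3),
    (8, 3, 0), (8, 3, 1), (8, 3, 2),
    (8, 4, 0), (8, 4, 1), (8, 4, 2),
    (8, 5, 0), (8, 5, 1),
}

# Lowest fixed release per branch; "or later" applies within the branch.
FIXED_FLOOR = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),  # Long Term Support release
}

# Where a branch has no in-branch fix (8.0, 8.1, 8.2) this example
# recommends the LTS release. That choice is an assumption.
LTS_TARGET: Version = (8, 5, 2)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; a trailing '-suffix' build tag is ignored."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def classify(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, upgrade_target) for one version string.

    status is one of:
      'impacted'   - appears in the advisory's impacted list
      'fixed'      - at or above the fixed floor of its branch
      'not-listed' - in neither list on the page (e.g. 7.x or 8.1.2);
                     the page says nothing about it, so it is not 'safe'
    upgrade_target is a version string to move to, or None if already fixed.
    """
    v = parse_version(text)
    branch = v[:2]
    if v in IMPACTED:
        target = FIXED_FLOOR.get(branch, LTS_TARGET)
        return "impacted", ".".join(str(n) for n in target)
    floor = FIXED_FLOOR.get(branch)
    if floor is not None and v >= floor:
        return "fixed", None
    return "not-listed", None


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> reported version.
    inventory = {
        "wiki-prod-01": "8.5.1",
        "wiki-prod-02": "8.4.3",
        "wiki-legacy": "8.0.3",
        "wiki-old": "7.19.10",
    }
    for host, version in inventory.items():
        status, target = classify(version)
        action = f"upgrade to {target} or later" if target else "no action from this advisory"
        print(f"{host:14} {version:9} {status:11} {action}")
```

Run it against an exported asset inventory rather than the hard-coded sample; anything reported as "impacted" should be upgraded or have Atlassian's interim mitigations applied, and "not-listed" hosts still need to be checked against the vendor advisory directly.
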

Atlassian Response and Recommendations

Atlassian has published a security advisory on the vulnerability, including vulnerability details, impacted versions, fixed versions, recommended mitigation steps for the customers unable to update, and how to detect the threat.

The advisory also indicates that:

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

It is of utmost importance that Confluence Server and Data Center customers using impacted versions immediately update to a fixed version or implement mitigations recommended by Atlassian.

Taking immediate action is crucial to protect Confluence instances from unauthorized access and potential exploitation. Please visit the security advisory for detailed information from Atlassian.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.