[CVSS 10] Atlassian Customers Alerted to Second Critical Vulnerability within a Month

Executive Summary

Atlassian has identified a critical vulnerability, CVE-2023-22518, affecting its Confluence Data Center and Server collaboration and project management platform.

Atlassian emphasised that only those with the on-premises version are affected.

While there are currently no known active exploits, the CVSS score of the vulnerability is 9.1 by Atlassian, indicating an urgent need for customers to apply the patch immediately.

This is the second critical vulnerability reported for Confluence in the past month. The previous vulnerability, CVE-2023-22515, is a broken access control vulnerability with a CVSS score of 10 by Atlassian, and 9.8 by NIST. For more information, please refer to our recent news articles about it.

About the Vulnerability

CVE-2023-22518 is a critical authorisation vulnerability, impacting all on-premises versions of Confluence. It has a CVSS score of 9.1 by Atlassian (NIST score is not available as of the day this news is written).

Notably, this vulnerability does not compromise data confidentiality; however, it allows attackers to manipulate data stored on vulnerable servers, potentially rendering it inaccessible to legitimate users. It’s crucial to emphasise that it exclusively affects on-premises versions of Confluence and does not impact cloud or SaaS versions.

Atlassian has not received reports of active exploitation of this vulnerability. Still, the potential for significant data loss if exploited by an unauthenticated attacker necessitates immediate action. Atlassian’s Chief Information Security Officer (CISO), Bala Sathiamurthy, has issued a warning, urging customers to apply the patch promptly.

Field Effect, a security intelligence provider, concurs with Atlassian’s advice and notes that the vulnerability, as currently understood, primarily enables threat actors to disrupt or delete data on vulnerable servers rather than exfiltrate it. However, the risk remains, and organisations should act swiftly to mitigate it.

Recommendations

Atlassian has provided the following recommendations for addressing the identified vulnerability:

Immediately patch to a fixed version: Atlassian advises users to apply the patch by upgrading their affected Confluence installations.

Apply temporary mitigations if unable to patch:

  • Perform a backup of the Confluence instance to limit the data-loss impact of the identified vulnerability. You can find the instructions on how to do this here.
  • If possible, restrict external network access to instances reachable from the public internet, including those that require user authentication, until the patch can be applied.

Please refer to Atlassian’s security advisory for detailed information and further instructions.

It’s crucial to promptly follow these recommendations from Atlassian to mitigate the risks associated with the identified vulnerability.

Additionally, please see below some best practices to minimise the impact of a potential incident:

  • Monitoring and Logging: Implement robust monitoring and logging solutions to detect any suspicious activity on Confluence servers promptly. This will help identify potential threats and enable proactive response.
  • Incident Response Plan: Develop and maintain an incident response plan to guide the organisation in the event of a security breach. This plan should include steps to assess the impact, contain the threat, and restore normal operations.
  • Stay Informed: Continuously monitor Atlassian’s security advisories and updates. Stay informed about any developments related to this vulnerability and follow Atlassian’s guidance closely.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.