[CVSS 10] Atlassian Flaw Reaches Max Severity Amid Increased Exploits

What Happened

Atlassian has raised the CVSS score of a critical vulnerability in Confluence Data Center and Server from 9.1 to the maximum of 10. The escalation follows confirmed exploitation in the wild, including by ransomware operators. The vulnerability, disclosed by Atlassian on October 31, is an improper authorisation flaw.

Atlassian explained the escalation in its updated advisory:

As part of Atlassian’s ongoing monitoring and investigation of this CVE, we observed several active exploits and reports of threat actors using ransomware. We have escalated CVE-2023-22518 from CVSS 9.1 to 10, the highest critical rating, due to the change in the scope of the attack.

About the Vulnerability

The vulnerability is tracked as CVE-2023-22518 and is an improper authorisation flaw that has been public since Atlassian's initial disclosure on October 31. Within days of that disclosure, by November 3, exploitation in the wild had already been observed.

All versions of Confluence Data Center and Server are affected; Atlassian Cloud instances are not. Exploitation allows an unauthenticated attacker to reset the Confluence instance and create an administrator account on it. With that level of access the attacker has full control of the instance, undermining its confidentiality, integrity, and availability.

Atlassian has warned that it cannot determine which customer instances have been attacked, so each organisation must check its own deployments.

Security teams should watch for several indicators of compromise: users being unable to log in, suspicious entries in the web access logs (in particular requests to /json/setup-restore*), unrecognised plugins such as “web.shell.Plugin” appearing in the installed plugin list, and encrypted or corrupted files on the host. Unexpected changes to user roles, or newly created user accounts that nobody recognises, also suggest the instance has been compromised.
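One way to triage the access-log indicator above, as an added example that is not part of the original article and is not Atlassian's or Rapid7's code: the script below scans web-server access log lines for requests whose path contains /json/setup-restore (matching the /json/setup-restore* pattern from the advisory) and groups them by source address. The log lines are constructed samples in the Apache/Tomcat combined format, the IP addresses are documentation ranges, and the "restore-attempt" versus "probe" distinction (POST versus other methods) is this example's own heuristic, not a classification from the page.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format). Not real data.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [03/Nov/2023:10:14:02 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Nov/2023:10:14:09 +0000] "POST /json/setup-restore.action?synchronous=true HTTP/1.1" 200 113 "-" "python-requests/2.31.0"
198.51.100.23 - - [03/Nov/2023:10:15:30 +0000] "GET /json/setup-restore-progress.action HTTP/1.1" 200 87 "-" "curl/8.4.0"
192.0.2.44 - - [03/Nov/2023:10:16:01 +0000] "GET /rest/api/content?limit=25 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Nov/2023:10:16:45 +0000] "POST /confluence/json/setup-restore-local.action HTTP/1.1" 302 0 "-" "python-requests/2.31.0"
192.0.2.44 - - [03/Nov/2023:10:17:12 +0000] "GET /display/DOCS/Home HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# The advisory's indicator is requests to /json/setup-restore*. Searching (not anchoring)
# also catches instances served under a context path such as /confluence/json/...
# Case-insensitive matching is deliberately conservative for detection purposes.
SETUP_RESTORE_RE = re.compile(r'/json/setup-restore', re.I)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec):
    """Heuristic (this example's own): a POST to a setup-restore endpoint is a restore attempt,
    anything else hitting those endpoints (e.g. GET of the progress endpoint) is a probe."""
    return "restore-attempt" if rec["method"] == "POST" else "probe"


def find_setup_restore_hits(log_text):
    """Return parsed records for every request whose path matches /json/setup-restore*."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash a long scan
        if SETUP_RESTORE_RE.search(rec["path"]):
            rec["kind"] = classify(rec)
            hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Group hits by client IP so an analyst sees each source's sequence of requests."""
    by_ip = defaultdict(list)
    for h in hits:
        by_ip[h["ip"]].append((h["ts"], h["method"], h["path"], h["status"], h["kind"]))
    return dict(by_ip)


if __name__ == "__main__":
    summary = summarize_by_source(find_setup_restore_hits(SAMPLE_ACCESS_LOG))
    for ip, events in summary.items():
        print(f"{ip}: {len(events)} setup-restore request(s)")
        for ts, method, path, status, kind in events:
            print(f"  {ts}  {method:4} {status}  {kind:15} {path}")
```

Any hit at all on a Confluence instance that was exposed before patching deserves investigation, since these endpoints have no legitimate reason to be called from the internet; a POST followed by a 200 or 302 is the case to escalate first, and it should be correlated with the other indicators (new administrator accounts, unknown plugins).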

For more information about this vulnerability, please refer to our recent article.

Call for Action

Organisations that have not yet patched CVE-2023-22518 in their Confluence Data Center and Server installations should do so immediately. The upgrade of the CVSS score to 10 reflects the extreme risk: successful exploitation leads to total compromise of the instance.

The urgency cannot be overstated: attackers are actively exploiting this vulnerability, and the window to prevent a breach is closing. Administrators must apply the fixed versions listed in Atlassian's advisory and remain vigilant for any signs of intrusion. Note that patching does not evict an attacker who has already reset the instance and created an administrator account, so any instance that was reachable before the update should be checked against the indicators above. Atlassian's advisory also describes interim mitigations for instances that cannot be patched immediately, including backing up the instance and restricting network access to the /json/setup-restore* endpoints; these are stop-gaps, not a replacement for the update.

For a complete briefing on the vulnerability and the recommended actions, organisations should consult Atlassian's advisory. Rapid7 has also published an analysis of the vulnerability and an alert about the increase in exploitation attempts.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.
