[CVSS 10] Surging Exploit Attempts Target Critical Confluence Vulnerability

Executive Summary

Atlassian has released a patch for CVE-2023-22527, a critical vulnerability affecting out-of-date versions of Confluence Data Center and Server. Atlassian assigned the flaw an initial CVSS score of 10.0: it allows unauthenticated attackers to execute arbitrary code on a vulnerable instance. Security researchers have since observed a sharp rise in exploit attempts against this vulnerability.

The increase followed publication of the technical details and a proof-of-concept exploit. Users of affected versions must therefore act immediately to protect their systems against active exploitation.

About CVE-2023-22527

CVE-2023-22527 is a critical remote code execution vulnerability in out-of-date versions of Confluence Data Center and Confluence Server.

The flaw is a template injection issue: an unauthenticated attacker can inject expressions into a server-side template, and the server evaluates them, which allows arbitrary commands and code to be executed remotely.

The vulnerability exists in versions released before December 5, 2023. This includes version 8.4.5, which no longer receives backported fixes.

Exploit Attempts

Exploit attempts increased after the vulnerability was publicly disclosed and proof-of-concept code was released. The proof of concept emerged when researchers reverse-engineered the patch issued by Atlassian.

Attackers are actively exploiting the vulnerability with a variety of payloads, aiming to exfiltrate data from, or execute commands on, affected systems. This underscores the urgency of applying the security patch immediately, and the importance of monitoring exposed Confluence instances for signs of compromise.

Atlassian’s Fix

Atlassian has released fixed versions and a security advisory for this critical issue.

The update fixes the template injection vulnerability, which allowed attacker-controlled OGNL (Object-Graph Navigation Language) expressions to reach the Struts-based expression evaluation that Confluence uses in its Java web layer. Injected OGNL expressions were previously evaluated server-side, which is how attackers achieved arbitrary Java code execution; the patched versions no longer evaluate them.

The latest supported versions of Confluence Data Center and Server are not vulnerable, and Atlassian Cloud instances are not affected.

Please see below the list of impacted products, their fixed versions and the latest versions.

Product                           | Fixed Versions                                      | Latest Versions
Confluence Data Center and Server | 8.5.4 (LTS)                                         | 8.5.5 (LTS)
Confluence Data Center            | 8.6.0 (Data Center only), 8.7.1 (Data Center only)  | 8.7.2 (Data Center only)

Atlassian urges all affected users to update their systems immediately, and recommends upgrading each affected installation to the latest available version rather than to the bare fixed version: the listed "Fixed Versions" are no longer the most up-to-date releases and do not protect against the other high-severity vulnerabilities addressed in the January Security Release.
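The fixed-version table is only useful if it is applied correctly across an estate, and a naive string comparison gets it wrong (as strings, "8.5.10" sorts before "8.5.4"). The following is an added example for this article, not Atlassian's tooling: it triages an inventory of Confluence instances against the fixed versions above. The fixed versions and the "Cloud is not affected" rule come from the article; the branch logic (a release below the fixed patch level on a fixed branch, or any 8.0.x to 8.4.x release, is treated as vulnerable) is an inference from that table, and the hostnames and versions in SAMPLE_INVENTORY are constructed.

```python
"""Triage a Confluence inventory against the fixed versions for CVE-2023-22527.

Added example for this article; not Atlassian's tooling.  Fixed versions and
the Cloud rule come from the advisory summary above; the branch logic is an
inference from that table, and SAMPLE_INVENTORY is constructed.
"""
from __future__ import annotations

# First fixed patch level per (major, minor) branch, from the table above.
FIXED_BY_BRANCH: dict[tuple[int, int], int] = {
    (8, 5): 4,   # 8.5.4 (LTS)
    (8, 6): 0,   # 8.6.0 (Data Center only)
    (8, 7): 1,   # 8.7.1 (Data Center only)
}

# Where Atlassian says to go instead of the bare fixed version ("Latest Versions").
RECOMMENDED_TARGET: dict[str, str] = {
    "server": "8.5.5 (LTS)",
    "datacenter": "8.7.2 (Data Center only) or 8.5.5 (LTS)",
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Split 'major.minor.patch' into integers.

    Numeric comparison matters: as strings, '8.5.10' sorts before '8.5.4',
    which would wrongly flag a patched 8.5.10 instance as vulnerable.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version: str, deployment: str = "server") -> str:
    """Classify one instance: 'not_affected', 'vulnerable', 'fixed' or 'unknown'."""
    if deployment.lower() == "cloud":
        # Atlassian Cloud is not affected regardless of any version string.
        return "not_affected"
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        return "fixed" if patch >= FIXED_BY_BRANCH[branch] else "vulnerable"
    if major == 8 and minor < 5:
        # 8.0.x to 8.4.x predate the December 2023 fixes and have no fixed
        # release on their own branch (8.4.5 is named as affected above).
        return "vulnerable"
    # 7.x, 8.8+ and anything else is outside the table above; report it
    # rather than guess, and check the advisory for those branches.
    return "unknown"


def triage(inventory: dict[str, tuple[str, str]]) -> dict[str, str]:
    """Map host -> assessment for an inventory of (version, deployment) pairs."""
    return {host: assess(ver, kind) for host, (ver, kind) in inventory.items()}


def upgrade_plan(inventory: dict[str, tuple[str, str]]) -> list[str]:
    """One action line per host that is vulnerable or could not be classified."""
    lines: list[str] = []
    for host, status in triage(inventory).items():
        version, kind = inventory[host]
        if status == "vulnerable":
            target = RECOMMENDED_TARGET.get(kind.lower(), "latest supported release")
            lines.append(f"{host}: {version} -> upgrade to {target}")
        elif status == "unknown":
            lines.append(f"{host}: {version} -> check Atlassian advisory")
    return lines


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY: dict[str, tuple[str, str]] = {
    "wiki-prod-01": ("8.4.5", "server"),
    "wiki-prod-02": ("8.5.3", "datacenter"),
    "wiki-stage": ("8.5.10", "datacenter"),
    "wiki-dc-01": ("8.6.1", "datacenter"),
    "wiki-legacy": ("7.19.17", "server"),
    "team-cloud": ("n/a", "cloud"),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:<14} {SAMPLE_INVENTORY[host][0]:<9} {status}")
    print()
    print("\n".join(upgrade_plan(SAMPLE_INVENTORY)))
```

Feed it the real inventory as (version, deployment) pairs, for example pulled from each instance's "About Confluence" page or your CMDB. Anything reported as "unknown" is deliberately not silently passed: the table on this page only covers the 8.x branches Atlassian listed, so other branches should be checked against the advisory directly.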


©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.