Atlassian warns of critical Confluence flaw leading to data loss


Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.

Described as an improper authorization vulnerability affecting all versions of Confluence Data Center and Confluence Server software, the bug is tracked as CVE-2023-22518 and puts publicly accessible instances at critical risk.

While threat actors could use the flaw to destroy data on affected servers, the bug doesn’t impact confidentiality: it can’t be exploited to exfiltrate instance data. Atlassian Cloud sites, which are accessed via an Atlassian-hosted domain rather than self-hosted, are also unaffected by this vulnerability.

“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker,” said Bala Sathiamurthy, Atlassian’s Chief Information Security Officer (CISO).

“There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances.”

The company fixed the critical CVE-2023-22518 vulnerability in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

Atlassian warned admins to upgrade to a fixed version immediately and, if that isn’t possible, to apply mitigation measures, including backing up unpatched instances and blocking Internet access until they’re upgraded.
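A quick way to turn the fixed-version list above and the interim guidance (back up, restrict external access, upgrade) into an inventory check. This is an added example, not Atlassian’s code: the only facts it takes from the advisory are the five fixed releases and the mitigation steps. The branch logic is an assumption stated in the comments: a build counts as fixed when it is at or above the listed fix for its own major.minor branch, or on a branch newer than the newest listed fix; branches with no listed fix (8.0.x to 8.2.x, anything before 7.19) are treated as vulnerable because no patched build exists for them. The inventory at the bottom is constructed sample data.

```python
"""Added example: classify Confluence Data Center/Server builds for CVE-2023-22518.

Not Atlassian's code. Facts from the advisory: the fixed releases in
FIXED_VERSIONS and the interim guidance. Assumption: a build is fixed when it
reaches the listed fix on its own major.minor branch or sits on a branch newer
than the newest listed fix; branches without a listed fix are vulnerable.
"""
from __future__ import annotations

import re

# Fixed releases named in Atlassian's advisory for CVE-2023-22518.
FIXED_VERSIONS = ("7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1")

_VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '8.5.2' (or '8.5', taken as 8.5.0) into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(version: str, fixed: tuple[str, ...] = FIXED_VERSIONS) -> bool:
    """True when `version` still needs upgrading for CVE-2023-22518."""
    major, minor, patch = parse_version(version)
    fixes = sorted(parse_version(f) for f in fixed)
    for f_major, f_minor, f_patch in fixes:
        if (major, minor) == (f_major, f_minor):
            # Same branch: fixed once the patch level reaches the listed fix.
            return patch < f_patch
    newest_major, newest_minor, _ = fixes[-1]
    if (major, minor) > (newest_major, newest_minor):
        # Branch cut after the newest listed fix (assumption: it carries the fix).
        return False
    # Branch with no listed fix (e.g. 8.0.x-8.2.x, pre-7.19): upgrade required.
    return True


def recommended_action(version: str, internet_exposed: bool) -> str:
    """Map a build and its exposure to the advisory's interim guidance."""
    if not is_vulnerable(version):
        return "patched: no action required for CVE-2023-22518"
    steps = ["back up the instance first"]
    if internet_exposed:
        steps.append("restrict external network access until upgraded")
    steps.append("upgrade to a fixed version (" + ", ".join(FIXED_VERSIONS) + ")")
    return "vulnerable: " + "; ".join(steps)


if __name__ == "__main__":
    # Constructed sample inventory (hostname, version, reachable from the Internet).
    inventory = [
        ("wiki-prod", "8.5.2", True),
        ("wiki-lab", "8.5.3", False),
        ("wiki-legacy", "7.13.20", True),
        ("wiki-new", "8.7.0", True),
    ]
    for host, ver, exposed in inventory:
        print(f"{host:12} {ver:8} {recommended_action(ver, exposed)}")
```

Feed it the version string shown in each instance’s administration console; the point of the branch logic is that a host on 8.2.x is not "one patch behind" but has no fixed build at all and must move to a listed release.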

“Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch,” the company said.

Earlier this month, CISA, FBI, and MS-ISAC warned network admins to immediately patch Atlassian Confluence servers against an actively exploited privilege escalation flaw tracked as CVE-2023-22515.

“Due to the ease of exploitation, CISA, FBI, and MS-ISAC expect to see widespread exploitation of unpatched Confluence instances in government and private networks,” the joint advisory warned.

Microsoft revealed that the Chinese-backed Storm-0062 (aka DarkShadow or Oro0lxy) threat group had exploited the flaw as a zero-day since at least September 14, 2023.

Patching vulnerable Confluence servers as soon as possible is of utmost importance, seeing that they were previously targeted in widespread attacks pushing Linux botnet malware, crypto miners, and AvosLocker and Cerber2021 ransomware.
