Even the FBI says you need to patch this Atlassian Confluence bug right now
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned Atlassian Confluence server users to patch their endpoints immediately.
The alert was issued after new findings indicate that a recently discovered flaw – CVE-2023-22515 – is being actively exploited in low-complexity, highly damaging attacks that do not require interaction with the victim to be successful.
In a safety advicethe organizations said that hackers are using the flaw to gain access to systems and then continue active exploitation even after the patch. The error is considered critical, with the three agencies expecting “widespread, continued exploitation due to the ease of exploitation.”
Escalating privilege error
In addition to applying the patch with the utmost urgency, users are also encouraged to “hunt for malicious activity” on their networks using the detection signatures and indicators of compromise (IoC) published in the advisory. “If a potential compromise is discovered, organizations should implement the incident response recommendations,” the advisory concludes.
The three organizations refer to a vulnerability tracked as CVE-2023-22515, a critical privilege escalation flaw found in Confluence Data Center and Server 8.0.0. Organizations.
Atlassian fixed the bug on October 4 and urged users to immediately upgrade to unaffected versions: 8.3.3 or later, 8.4.3 or later, 8.5.2 or later. Organizations that could not immediately apply the patch were advised to turn off the servers or disconnect them from the global internet.
In the meantime, a Chinese state-sponsored threat actor Storm-0062 was observed exploiting it in attacks, BleepingComputer reported. The attacks were apparently very limited, Greynoise added, but with proofs-of-concept underway, that could quickly change for the worse. The publication added that previous similar campaigns have involved Linux botnet malware, crypto miners and ransomware attacks, indicating the scale of the problem.
Through BleepingComputer