Atlassian users need to patch their Confluence instances now to avoid data being destroyed by hackers
Confluence users can’t seem to catch a break, as creators warn Atlassian about yet another very serious flaw being exploited in the wild.
This time, the vulnerability in question is an improper authorization flaw found in all versions of Confluence Data Center and Confluence Server. It is tracked as CVE-2023-22518 and has a severity score of 9.1.
Hackers can use it to destroy data on affected servers. However, it appears they can’t steal the data, as Atlassian said there was “no impact on confidentiality as an attacker cannot exfiltrate any instance data.” Additionally, Atlassian Cloud sites accessed through an atlassian.net domain appear immune to the flaw.
No exploitation yet
“As part of our ongoing security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker,” said Bala Sathiamurthy, Chief Information Security Officer (CISO) of Atlassian in an article. on the company’s website.
“There are no reports of active exploitation at this time, but customers should take immediate action to protect their instances,” he added.
Atlassian has addressed the vulnerability and patched Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.
Users are advised to apply the solution immediately. If for some reason they can’t do that, they should take mitigation measures, including backing up unpatched instances and blocking Internet access until they are upgraded.
“Instances accessible to the public Internet, including those with user authentication, should be excluded from external network access until you can patch,” the company said.
In mid-October this year, the FBI, CISA, and other agencies urged administrators to implement a fix and secure their endpoints against CVE-2023-22515, another flaw found in Atlassian Confluence servers.
“Due to ease of exploitation, CISA, FBI, and MS-ISAC expect widespread exploitation of unpatched Confluence instances in government and private networks,” the agencies warned at the time.