Urgent Warning Issued for Atlassian Bug Exploit: Immediate Patching Required
November 3, 2023
Atlassian recently disclosed a major security vulnerability in its Confluence Data Center and Server technology, tracked as CVE-2023-22518. The proof of concept (PoC) exploit code for this vulnerability is now publicly available, increasing the urgency for organizations using the platform to apply Atlassian's fix immediately.
ShadowServer, a cybersecurity organization, reported on Nov. 3 that it had detected attempts to exploit the Atlassian vulnerability from at least 36 unique IP addresses in the past 24 hours.
Atlassian disclosed the critical bug on Oct. 31, with a severity rating of 9.1 out of 10 on the CVSS scale. The company's CISO warned that the vulnerability could lead to 'significant data loss' if exploited. The vulnerability affects all versions of Confluence Data Center and Server, but not the cloud-hosted versions.
The bug allows an attacker to access privileged functionality and data due to improper authorization. An attacker exploiting this vulnerability could delete data on a Confluence instance or block access to it, but they would not be able to exfiltrate data from it, according to an analysis by security intelligence firm Field Effect.
On Nov. 2, Atlassian updated its vulnerability alert, warning that technical details of CVE-2023-22518 had become publicly available, thereby increasing the risk of attackers exploiting the vulnerability. However, Atlassian stated, 'There are still no reports of an active exploit, though customers must take immediate action to protect their instances.'
Atlassian has recommended that organizations unable to patch immediately should disconnect their Confluence instances from the internet until they can apply the patch.
ShadowServer has observed increasing exploit activity involving attempts to upload files and set up or restore vulnerable internet-accessible Confluence instances. The organization identified around 24K exposed (not necessarily vulnerable) Atlassian Confluence instances. The majority of these exposed systems are located in the United States, followed by China, Germany, and Japan.
This is the second major vulnerability that Atlassian has disclosed in its Confluence Data Center and Server technologies over the past month. On October 4, the company disclosed another maximum severity bug, CVE-2023-22515, which was discovered after customers reported problems. The attacker exploiting that bug was later identified as a nation-state actor. Both CVE-2023-22515 and CVE-2023-22518 involved low attack complexity. A joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned organizations to prepare for widespread exploit activity and urged them to patch the flaw as soon as possible.