Atlassian Alerts Users of Critical Confluence Flaw Risking Data Loss
October 31, 2023
Atlassian, the Australian software company, has alerted administrators to immediately patch internet-exposed Confluence instances against a critical security flaw that could lead to data loss. The flaw, described as an improper authorization vulnerability, affects all versions of Confluence Data Center and Confluence Server. Tracked as CVE-2023-22518, it puts publicly accessible instances at high risk: a malicious actor could use it to delete data on an affected server, although Atlassian says it has no impact on confidentiality because it cannot be used to exfiltrate instance data. Atlassian Cloud sites, accessed via an atlassian.net domain, are not affected.
"As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker," said Bala Sathiamurthy, Atlassian's Chief Information Security Officer (CISO). He also mentioned that there are no reports of active exploitation at this time, but customers must act swiftly to protect their instances.
The company has addressed CVE-2023-22518 in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1. Atlassian has urged administrators to upgrade to a fixed version without delay and, where that is not immediately feasible, to apply mitigations: back up unpatched instances (keeping the backup off the affected host, since the impact of this flaw is data destruction) and remove them from the internet until they are upgraded.
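Because the fix ships on several release lines at once, a naive "is my version number bigger than 7.19.16" check gets the answer wrong: 8.3.3 sorts above 7.19.16 but is still unpatched, while 7.19.16 is fine. The following Python snippet, added here as an example and not code from Atlassian or from the original article, compares an instance's version against the fixed build on its own major.minor line using the five fixed versions listed above. It assumes (not stated on the page) that any release newer than the newest fixed build, 8.6.1, also carries the fix, and the sample inventory it triages is constructed, not real hosts.

```python
# Added example (not Atlassian's code): decide whether a Confluence Data Center /
# Server version string is at or above the CVE-2023-22518 fix on its own release line.
import re

# Fixed versions as listed in the article / Atlassian advisory.
FIXED_VERSIONS = ["7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1"]


def parse_version(text):
    """Turn '8.5.3' (suffixes such as '8.5.3-LTS' are tolerated) into a comparable int tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


_FIXED = sorted(parse_version(v) for v in FIXED_VERSIONS)
_NEWEST_FIXED = _FIXED[-1]  # (8, 6, 1)


def is_patched(version):
    """
    True if `version` includes the CVE-2023-22518 fix.

    A version is patched when it sits on one of the fixed release lines (same
    major.minor) at or above that line's fixed build. Assumption, not stated on the
    page: any release newer than the newest fixed build (8.6.1) also carries the fix.
    Everything else (e.g. 7.18.x, 8.0.x-8.2.x, 8.5.2) is unpatched and needs an upgrade,
    because Atlassian published no fixed build on those lines.
    """
    v = parse_version(version)
    for fixed in _FIXED:
        if v[:2] == fixed[:2]:
            return v >= fixed
    return v > _NEWEST_FIXED


def triage(versions):
    """Map each observed version string to 'patched' or 'VULNERABLE'."""
    return {ver: ("patched" if is_patched(ver) else "VULNERABLE") for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory for demonstration, not real hosts.
    sample = ["7.13.20", "7.19.15", "7.19.16", "8.2.3", "8.3.3", "8.3.4",
              "8.5.2", "8.5.3", "8.6.0", "8.6.1", "8.7.1"]
    for ver, status in triage(sample).items():
        print(f"{ver:>8}: {status}")
```

Feed `triage()` the version strings from your asset inventory; anything reported as VULNERABLE on a line without a fixed build (such as 8.2.x) has to move to a fixed line rather than wait for a point release.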
Earlier this month, warnings were issued by CISA, FBI, and MS-ISAC to network administrators to immediately patch Atlassian Confluence servers against an actively exploited privilege escalation flaw tracked as CVE-2023-22515. The joint advisory cautioned that due to the ease of exploitation, they expect to see widespread exploitation of unpatched Confluence instances in both government and private networks.
The Chinese-backed Storm-0062 (aka DarkShadow or Oro0lxy) threat group had exploited the flaw as a zero-day since at least September 14, 2023, as revealed by Microsoft. It is crucial to patch vulnerable Confluence servers as soon as possible, given that they were previously targeted in widespread attacks pushing Linux botnet malware, crypto miners, and AvosLocker and Cerber2021 ransomware.