Urgent Warning Issued for Atlassian Bug Exploit: Immediate Patching Required

November 3, 2023

Atlassian recently disclosed a major security vulnerability in its Confluence Data Center and Server technology, tracked as CVE-2023-22518. Proof-of-concept (PoC) exploit code for this vulnerability is now publicly available, increasing the urgency for organizations using the platform to apply Atlassian's fix immediately.

ShadowServer, a cybersecurity organization, reported on Nov. 3 that it had detected attempts to exploit the Atlassian vulnerability from at least 36 unique IP addresses in the past 24 hours.

The critical bug was disclosed by Atlassian on Oct. 31, with a severity rating of 9.1 out of 10 on the CVSS scale. The company's CISO warned that the vulnerability could lead to 'significant data loss' if exploited. The vulnerability affects all versions of Confluence Data Center and Server, but not the cloud-hosted versions.

The bug allows an attacker to access privileged functionality and data due to improper authorization. An attacker exploiting this vulnerability could delete data on a Confluence instance or block access to it, but they would not be able to exfiltrate data from it, according to an analysis by security intelligence firm Field Effect.

On Nov. 2, Atlassian updated its vulnerability alert, warning that technical details of CVE-2023-22518 had become publicly available, thereby increasing the risk of attackers exploiting the vulnerability. However, Atlassian stated, 'There are still no reports of an active exploit, though customers must take immediate action to protect their instances.'

Atlassian has recommended that organizations unable to patch immediately disconnect their Confluence instances from the internet until they can apply the patch.

ShadowServer has observed increasing exploit activity involving attempts to upload files and set up or restore vulnerable internet-accessible Confluence instances. The organization identified around 24K exposed (not necessarily vulnerable) Atlassian Confluence instances. The majority of these exposed systems are located in the United States, followed by China, Germany, and Japan.

This is the second major vulnerability that Atlassian has disclosed in its Confluence Data Center and Server technologies over the past month. On October 4, the company disclosed another maximum severity bug, CVE-2023-22515, which was discovered after customers reported problems. The attacker was later identified as a nation-state actor. Both CVE-2023-22515 and CVE-2023-22518 involved low attack complexity. A joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned organizations to prepare for widespread exploit activity and urged them to patch the flaw as soon as possible.
