October 11, 2023 at 12:30AM
Microsoft has identified a critical flaw in Atlassian Confluence Data Center and Server that is being exploited by a nation-state actor called Storm-0062. The vulnerability, known as CVE-2023-22515, allows attackers to create unauthorized administrator accounts. Atlassian has been made aware of the issue and advises users to upgrade to the latest versions and isolate the applications from the public internet.
Meeting Takeaways:
– Microsoft has identified a critical flaw in Atlassian Confluence Data Center and Server that has been exploited by a nation-state actor known as Storm-0062, DarkShadow, or Oro0lxy.
– The vulnerability, CVE-2023-22515, is a privilege escalation vulnerability that allows remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers.
– The flaw has been addressed in versions 8.3.3 or later, 8.4.3 or later, and 8.5.2 (Long Term Support release) or later.
– Attacks have been observed since September 14, 2023; the threat actor exploited the flaw as a zero-day.
– Oro0lxy is a digital alias associated with Li Xiaoyu, a Chinese hacker who was accused by the U.S. Department of Justice of infiltrating multiple companies.
– Organizations using Confluence applications are advised to upgrade to the latest versions and to isolate the applications from the public internet until the fixes are applied.