October 31, 2023 at 08:18AM
Atlassian has discovered a critical security flaw in Confluence Data Center and Server that could lead to significant data loss. The vulnerability is rated 9.1 out of 10 in severity and affects all versions of Confluence Data Center and Server. Atlassian recommends applying the necessary patches and disconnecting vulnerable instances from the public internet. No evidence of exploitation has been found, but previous vulnerabilities in the software have been weaponized by threat actors. Atlassian Cloud sites are unaffected.
Key takeaways:
– On October 31, 2023, Atlassian issued a warning about a critical security flaw in Confluence Data Center and Server.
– The vulnerability, tracked as CVE-2023-22518, is rated 9.1 out of 10 on the CVSS scoring system and is classified as an improper authorization vulnerability.
– All versions of Confluence Data Center and Server are affected by the bug.
– Atlassian has released patches for the vulnerability in the following versions: 7.19.16 or later, 8.3.4 or later, 8.4.4 or later, 8.5.3 or later, and 8.6.1 or later.
– The flaw does not impact confidentiality as attackers cannot exfiltrate instance data.
– Atlassian advises customers to take immediate action to secure their instances, including disconnecting those accessible to the public internet until the patch is applied.
– Customers running unsupported versions should upgrade to a fixed version.
– Atlassian Cloud sites are not affected by the issue.
– While there is no evidence of active exploitation, threat actors have previously weaponized other vulnerabilities in the software.