November 2, 2023 at 05:53PM
Atlassian has warned admins about a critical security flaw in Confluence that could result in data destruction attacks. A public exploit for the vulnerability, tracked as CVE-2023-22518, has been found, putting Internet-exposed and unpatched instances at high risk. Atlassian has urged immediate action, including upgrading software and applying mitigation measures. Atlassian Cloud sites accessed through an atlassian.net domain are unaffected. The warning follows a vulnerability patched last month that was actively exploited by a Chinese-backed threat group.
Key takeaways:
– Atlassian has issued a warning regarding a critical security flaw in Confluence software.
– The vulnerability, known as CVE-2023-22518, is an improper authorization vulnerability affecting all versions of Confluence Data Center and Confluence Server software.
– The vulnerability can be exploited by attackers to perform data destruction attacks on Internet-exposed and unpatched instances of Confluence.
– Atlassian has discovered a publicly available exploit that increases the risk of exploitation for publicly accessible instances.
– While data can be wiped from impacted servers, the vulnerability cannot be used to steal data stored on vulnerable instances.
– Atlassian Cloud sites accessed through an atlassian.net domain are unaffected by the vulnerability.
– Atlassian has fixed CVE-2023-22518 in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.
– Admins are urged to upgrade their software immediately or apply mitigation measures such as backing up unpatched instances and blocking Internet access to unpatched servers.
– Atlassian also provides instructions for removing known attack vectors by modifying the web.xml file and restarting the vulnerable instance.
– It is important to patch Confluence instances as soon as possible, as the mitigation actions are limited and not a complete replacement for patching.
– This warning follows an earlier one about a privilege escalation flaw (CVE-2023-22515) that was actively exploited by a Chinese-backed threat group known as Storm-0062.
– Confluence servers have been targeted in previous attacks involving AvosLocker and Cerber2021 ransomware, Linux botnet malware, and crypto miners.
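To turn the fixed-version list above into a patching queue, the following added example (not Atlassian's tooling) triages an inventory of Confluence Data Center and Server hosts against those releases and ranks Internet-exposed hosts first. The hostnames and inventory rows are constructed, and treating any release branch newer than 8.6 as fixed is an assumption.

```python
import re

# Fixed releases from the summary above, keyed by (major, minor) release branch.
FIXED = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}
NEWEST_FIXED_BRANCH = max(FIXED)

def parse_version(text):
    """Return (major, minor, patch) for a string like '8.5.2', else None."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(part) for part in m.groups()) if m else None

def triage(version_text):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable: needs a manual check, never assume safe
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch > NEWEST_FIXED_BRANCH:
        return "patched"  # assumption: branches after 8.6 already carry the fix
    return "vulnerable"  # branch with no listed fix: upgrade to a fixed branch

def patch_queue(inventory):
    """Return (priority, host, version, status) rows for hosts needing action."""
    queue = []
    for host, version, internet_exposed in inventory:
        status = triage(version)
        if status != "patched":
            queue.append(("P1" if internet_exposed else "P2", host, version, status))
    return sorted(queue)

# Constructed sample inventory: (hostname, reported version, Internet-exposed?)
INVENTORY = [
    ("wiki-ext.example.test", "8.5.2", True),
    ("wiki-int.example.test", "7.19.16", False),
    ("docs.example.test", "7.13.0", False),
    ("kb.example.test", "8.6.1", True),
    ("legacy.example.test", "n/a", True),
]

if __name__ == "__main__":
    for row in patch_queue(INVENTORY):
        print(*row, sep="\t")
```

Hosts reported as `unknown` stay in the queue so that a missing or malformed version string is never read as patched.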