January 16, 2024 at 10:23AM
Atlassian Confluence Data Center and Server had a critical remote code execution vulnerability (CVE-2023-22527) impacting versions released before December 5, 2023. The flaw allowed unauthenticated attackers to perform remote code execution. Atlassian fixed the vulnerability in later versions and advises users to install the latest version to protect against potential vulnerabilities.
Key Takeaways from the Meeting Notes:
1. Atlassian Confluence Data Center and Confluence Server versions released before December 5, 2023, are vulnerable to a critical remote code execution (RCE) vulnerability (CVE-2023-22527), which has been rated as critical (CVSS v3: 10.0).
2. The vulnerability is a template injection flaw that allows unauthenticated attackers to perform remote code execution on impacted Confluence endpoints.
3. Atlassian has released fixed versions to address this flaw, including Confluence Data Center and Server versions 8.5.4 (LTS), 8.6.0 (Data Center only), and 8.7.1 (Data Center only), which were released in December.
4. Admins who have moved to more recent releases are safe from CVE-2023-22527 exploitation.
5. Atlassian recommends that users of unsupported versions move to actively supported releases as soon as possible and apply available updates to mitigate the security problem.
6. Instances not connected to the internet and those that do not allow anonymous access are still exploitable, though the risk is reduced.
7. Atlassian has not provided any mitigation or workarounds for the security problem, so applying available updates is the recommended course of action.
8. For those unable to apply updates immediately, it is recommended to take impacted systems offline, back up the data, and monitor for malicious activity.
9. Atlassian Confluence bugs are often targeted by attackers, including state-sponsored threat groups and ransomware groups.
10. Atlassian cannot share meaningful indicators of compromise (IoCs) to help detect exploitation of CVE-2023-22527 due to multiple possible entry points and the ability to use the flaw in chained attacks.