Atlassian warns of critical Confluence flaw leading to data loss

October 31, 2023 at 02:06PM

Australian software company Atlassian has issued a warning to admins to patch their Internet-exposed Confluence instances due to a critical security flaw. The vulnerability, tracked as CVE-2023-22518, could lead to data loss. While it doesn’t impact confidentiality or allow for data exfiltration, it is necessary to take immediate action to protect affected instances by upgrading to fixed versions or applying mitigation measures. Earlier this month, CISA, FBI, and MS-ISAC also issued a warning about another actively exploited flaw in Atlassian Confluence servers.

Key points from the meeting notes:
– Atlassian, an Australian software company, has issued a warning to administrators to immediately patch Internet-exposed instances of its Confluence software due to a critical security flaw.
– The vulnerability, tracked as CVE-2023-22518, is an improper authorization vulnerability that affects all versions of Confluence Data Center and Confluence Server, putting publicly accessible instances at critical risk.
– The bug allows threat actors to destroy data on affected servers but does not impact confidentiality or allow them to exfiltrate instance data.
– Atlassian Cloud sites accessed via the atlassian.net domain are not affected by this vulnerability.
– Atlassian has fixed the vulnerability in certain versions of Confluence Data Center and Server and advises administrators to upgrade to a fixed version immediately. If upgrading is not possible, mitigation measures such as backing up unpatched instances and blocking their Internet access should be applied.
– The company has not received reports of active exploitation at this time but urges customers to take immediate action to protect their instances.
– Another privilege escalation flaw, tracked as CVE-2023-22515, was previously actively exploited, and network administrators were warned to patch Confluence servers against it.
– Microsoft disclosed that the Chinese-backed Storm-0062 threat group had exploited CVE-2023-22515 as a zero-day since September 14, 2023.
– It is crucial to patch vulnerable Confluence servers promptly as they have been targeted in widespread attacks involving Linux botnet malware, crypto miners, and ransomware such as AvosLocker and Cerber2021.