Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed

November 3, 2023 at 05:59PM

Proof-of-concept exploit code for a critical vulnerability in Atlassian’s Confluence Data Center and Server technology is now publicly available. The vulnerability, assigned CVE-2023-22518 and rated 9.1 out of 10 in severity, poses a risk of data loss. At least 36 unique IP addresses have been observed attempting to exploit the vulnerability. Atlassian has urged organizations to apply its fix immediately and has advised those unable to patch to remove their Confluence instances from the internet.

Key Takeaways:

– Proof-of-concept (PoC) exploit code for a critical vulnerability in Atlassian’s Confluence Data Center and Server technology has become publicly available.
– The vulnerability, assigned the identifier CVE-2023-22518, has a severity rating of 9.1 out of 10 on the CVSS scale.
– At least 36 unique IP addresses have been observed attempting to exploit the Atlassian vulnerability within the last 24 hours.
– The vulnerability could lead to significant data loss if exploited, according to Atlassian’s CISO.
– It specifically affects Atlassian Data Center and Server versions, but not the cloud-hosted versions.
– The vulnerability is related to improper authorization, which allows attackers to gain access to privileged functionality and data in the application.
– Attackers who exploit the vulnerability can delete data on a Confluence instance or block access to it, but they cannot exfiltrate data.
– Atlassian has urged organizations to immediately apply the fix for the vulnerability and has recommended removing Confluence instances from the internet if unable to patch immediately.
– ShadowServer reported around 24,000 exposed Atlassian Confluence instances, with the highest number located in the United States, followed by China, Germany, and Japan.
– This is the second major vulnerability disclosed by Atlassian in Confluence Data Center and Confluence Server technologies in the past month.
– The previous vulnerability, CVE-2023-22515, also involved low attack complexity and prompted warnings from US agencies about widespread exploit activity.
