January 22, 2024 at 08:45AM
Security researchers detect exploitation attempts for the critical CVE-2023-22527 vulnerability affecting older Atlassian Confluence servers, potentially exposing them to remote code execution. Atlassian provides fixes for affected versions and reports multiple attempts to exploit the flaw, mainly from Russian IP addresses. Server administrators are advised to update to a secure version.
Key takeaways:
1. There is active exploitation of the CVE-2023-22527 vulnerability affecting outdated versions of Atlassian Confluence servers. This flaw allows unauthenticated remote attackers to execute code on vulnerable Confluence Data Center and Confluence Server endpoints.
2. Atlassian has released fixes in Confluence Data Center and Server versions 8.5.4 (LTS), 8.6.0 (Data Center only), and 8.7.1 (Data Center only), and in later versions.
3. Shadowserver has reported thousands of exploitation attempts originating from over 600 unique IP addresses, most of them Russian. It also detected 11,100 exposed Atlassian Confluence instances accessible over the public internet.
4. Confluence server administrators are advised to ensure that their endpoints have been updated to a version released after December 5, 2023. Organizations with outdated instances should treat them as potentially compromised, look for signs of exploitation, perform a thorough cleanup, and update to a safe version. Atlassian has not provided specific indicators of compromise for this vulnerability.
These takeaways highlight the urgency for organizations to update their Atlassian Confluence servers and be vigilant for signs of exploitation.