February 1, 2024 at 03:59PM Cloudflare revealed today that its internal Atlassian server was infiltrated by a ‘nation state’ attacker, who gained access to its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The company detected the breach on November 23, severed access on November 24, and assured that customer data … Read more
January 22, 2024 at 11:06AM Attempts to exploit a critical Atlassian Confluence vulnerability, CVE-2023-22527, began shortly after its disclosure. Out-of-date versions of Confluence Data Center and Server are affected, allowing unauthenticated attackers to achieve remote code execution. The Shadowserver Foundation reported 40,000 exploitation attempts, highlighting widespread activity and the ongoing risk to vulnerable servers. Based … Read more
January 17, 2024 at 10:30AM Atlassian warns of a critical vulnerability in out-of-date Confluence Data Center and Server versions allowing remote code execution (RCE) without authentication, with a CVE-2023-22527 (CVSS score of 10). This template injection flaw impacts Confluence 8 versions released before Dec. 5, 2023. Atlassian advises immediate patching and recommends updating to the … Read more
January 16, 2024 at 01:12PM Critical vulnerabilities in Atlassian and VMware products have been revealed. Atlassian’s Confluence Data Center and Server have a flaw allowing remote code execution, and Jira Software Data Center and Server are susceptible to XML external entity attacks. VMware’s Aria Automation faces a missing access control issue, all requiring immediate patching … Read more
January 16, 2024 at 10:23AM Atlassian Confluence Data Center and Server had a critical remote code execution vulnerability (CVE-2023-22527) impacting versions released before December 5, 2023. The flaw allowed unauthenticated attackers to perform remote code execution. Atlassian fixed the vulnerability in later versions and advises users to install the latest version to protect against potential … Read more
November 10, 2023 at 04:03AM Researchers have discovered a stealthy backdoor called Effluence that exploits a security flaw in Atlassian Confluence Data Center and Server. The backdoor allows attackers to move laterally within the network and exfiltrate data. It can be accessed remotely without authenticating to Confluence. The attack chain involves exploiting two critical bugs … Read more
November 4, 2023 at 12:30PM Enterprise software maker Atlassian has issued a warning on a critical-severity vulnerability in Confluence Data Center and Confluence Server. The flaw, tracked as CVE-2023-22518, could result in severe data loss due to an improper authorization issue. Atlassian has released patches for the bug and urges organizations to apply them promptly. … Read more
October 31, 2023 at 02:22PM Software maker Atlassian has issued a warning to all Confluence Data Center and Server customers about a critical vulnerability that could be exploited without authentication. The vulnerability, known as CVE-2023-22518, is an improper authorization bug that affects all Confluence versions. Although no data exfiltration can occur from exploiting the flaw, … Read more
October 31, 2023 at 02:06PM Australian software company Atlassian has issued a warning to admins to patch their Internet-exposed Confluence instances due to a critical security flaw. The vulnerability, tracked as CVE-2023-22518, could lead to data loss. While it doesn’t impact confidentiality or allow for data exfiltration, it is necessary to take immediate action to … Read more
October 31, 2023 at 01:11AM Customers of Atlassian’s Confluence collaboration tool have been alerted to a critical flaw, CVE-2023-22518, and urged to take immediate action. The vulnerability affects all versions of Confluence and is rated at a severity of 9.1/10. Atlassian has not provided details on the nature of the flaw but recommends upgrading to … Read more