Atlassian fell into a digital trap: hackers took advantage of a privilege escalation vulnerability

CarderPlanet

Sharing has played a cruel trick on Confluence users.

On October 4, Atlassian, an Australian company specializing in the production and support of enterprise collaboration software, issued an official warning regarding CVE-2023-22515, a critical privilege escalation flaw in Confluence Data Center and Server. This previously undocumented 0-day vulnerability was successfully exploited by hackers against a limited number of clients.

Successful exploitation of the vulnerability allows an attacker to create administrator accounts and use them to access Confluence instances. According to Atlassian, the severity rating of this vulnerability is in the range of 9.0 to 10.0 points on the CVSS scale.

The mitigation recommendations for CVE-2023-22515 indicate that blocking network access to the /setup/* endpoints will help prevent the exploitation of this vulnerability. It is also noted that the attacked clients previously shared access to their Confluence servers, which became the entry point for cybercriminals.

However, it is claimed that Confluence cloud instances (with the domain "atlassian.net") are not affected by this vulnerability.

The Atlassian Confluence platform has faced attacks in the past. In June 2022, information was published about another critical zero-day vulnerability that was exploited by attackers from China.

Atlassian has released fixes for CVE-2023-22515 and provided a list of all affected versions. Organizations are strongly encouraged to install updates as soon as possible to mitigate potential risks.

The Atlassian document also provides indicators of compromise to help organizations determine whether they have been affected by this attack.
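To check whether the /setup/* endpoints named in the mitigation were reached before they were blocked, access logs can be reviewed for requests under that path. The following is an added example, not code from Atlassian or from the original post; it assumes Common/Combined Log Format lines, and the sample log lines, IP addresses and the action name `example.action` are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Access-log line in Common/Combined Log Format (an assumption about the log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Canonicalize a request target so equivalent spellings compare equal."""
    path = unquote(target.split("?", 1)[0])             # drop query, decode %xx
    path = "/".join(s.split(";", 1)[0] for s in path.split("/"))  # drop ;params
    path = re.sub(r"/{2,}", "/", path)                  # collapse repeated slashes
    return posixpath.normpath(path or "/").lower()      # resolve . and .. segments

def setup_hits(lines, context_path=""):
    """Return (ip, timestamp, method, path, status) for requests under /setup/*."""
    # context_path is hypothetical: set it if Confluence is served below a prefix.
    prefix = context_path.rstrip("/").lower() + "/setup"
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable request line
        path = normalize_path(m["target"])
        if path == prefix or path.startswith(prefix + "/"):
            hits.append((m["ip"], m["ts"], m["method"], path, int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, made-up action name).
SAMPLE = [
    '192.0.2.10 - - [05/Oct/2023:09:00:01 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Oct/2023:09:00:02 +0000] "POST /setup/example.action HTTP/1.1" 200 812',
    '203.0.113.7 - - [05/Oct/2023:09:00:03 +0000] "GET /%73etup/example.action HTTP/1.1" 200 812',
    '198.51.100.4 - - [05/Oct/2023:09:00:04 +0000] "GET //setup/example.action?x=1 HTTP/1.1" 403 0',
    '198.51.100.4 - - [05/Oct/2023:09:00:05 +0000] "GET /pages/../setup/example.action;jsessionid=abc HTTP/1.1" 302 0',
    '192.0.2.10 - - [05/Oct/2023:09:00:06 +0000] "GET /setupguide/index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in setup_hits(SAMPLE):
        print(hit)
```

The path is normalized before matching because a literal search for "/setup/" would miss equivalent spellings of the same endpoint. Any hit from an external address on an already initialized instance warrants comparison against the indicators in Atlassian's advisory.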