Lord777
The company warned of the danger and urged users to update the software before it's too late.
Atlassian issued a warning to administrators about a publicly available exploit that targets a critical security vulnerability in Confluence that can be used in attacks to destroy data on servers.
Vulnerability CVE-2023-22518 (CVSS: 9.1) is characterized as an incorrect authorization issue affecting all versions of the Confluence Data Center and Confluence Server software.
Atlassian indicated that it has discovered a publicly available exploit that poses a critical risk to online Confluence instances. It is noteworthy that in its previous warning regarding the discovery of the vulnerability CVE-2023-22518, the company did not disclose details about the bug and the exact method of exploitation, probably so that cybercriminals could not develop an exploit.
So far, there have been no reports of active exploitation of the vulnerability, but customers should immediately take measures to protect their systems. If the update has already been applied, no additional actions are required.
Attackers can use the flaw to delete data on affected servers, but it cannot be used to steal data. It is also important to note that Atlassian Cloud sites are not affected.
The critical vulnerability CVE-2023-22518 in Confluence Data Center and Server was fixed in versions 7.19.16, 8.3.4, 8.4.4, 8.5.3 and 8.6.1. The company urged administrators to immediately update their software and, if this is not possible, apply risk mitigation measures, including backing up non-updated instances and blocking Internet access until the update is installed.
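A way to triage an inventory of Confluence Data Center/Server instances against the fixed versions listed above, as an added example that is not part of the original post or of Atlassian's advisory. The host names and installed versions are constructed, and the `verify` status for release lines newer than 8.6 is an assumption, since the post does not cover them.

```python
import re

# Fixed release per release line, exactly as listed in the post.
FIXED = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}

# Per the post: update, or back up and block Internet access until updated.
ACTION = {
    "vulnerable": "update now; until then back up and block Internet access",
    "unparseable": "check the installed version by hand",
    "verify": "release line not in the post; confirm with the vendor advisory",
    "fixed": "no additional action",
}

def triage(version):
    """Classify one Confluence version string (major.minor.patch)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = map(int, m.groups())
    line = (major, minor)
    if line in FIXED:
        return "fixed" if patch >= FIXED[line] else "vulnerable"
    if line > max(FIXED):
        # Assumption: lines newer than 8.6 are outside what the post states.
        return "verify"
    # Older or unlisted line: the post names no fixed release for it.
    return "vulnerable"

def report(inventory):
    """Return (host, version, status) rows, most urgent first."""
    order = {"vulnerable": 0, "unparseable": 1, "verify": 2, "fixed": 3}
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "wiki-prod": "8.5.2",
    "wiki-legacy": "7.19.16",
    "wiki-dev": "8.2.0",
    "wiki-lab": "8.7.1",
    "wiki-old": "8.6",
}

if __name__ == "__main__":
    for host, ver, status in report(INVENTORY):
        print(f"{host:12} {ver:8} {status:12} {ACTION[status]}")
```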