Headline
CVE-2023-22518: Improper Authorization in Confluence Data Center and Server
All versions of Confluence Data Center and Server are affected by this vulnerability, which had not been exploited when the advisory was published. Atlassian states there is no impact to confidentiality, as an attacker cannot exfiltrate any instance data.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Summary of Vulnerability
An Important Message from Bala Sathiamurthy, Chief Information Security Officer (CISO)
As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker. There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances. Please read the Critical Security Advisory below for instructions and vulnerability details.
Protecting customers’ instances is our top priority, and our prompt response demonstrates our dedication to ensuring the safety of our customers and your data. Atlassian is always reviewing security measures to reduce security risks and support our customers in taking timely action. Customers can expect to receive high-priority patches outside of our monthly advisory schedule as necessary. We believe that taking proactive action is the best approach and we appreciate your ongoing partnership.
Publicly accessible Confluence Data Center and Server versions as listed below are at critical risk and require immediate attention. See ‘What You Need to Do’ for detailed instructions.
This critical severity Improper Authorization vulnerability known as CVE-2023-22518 affects all versions prior to the listed fix versions of Confluence Data Center and Server. Versions outside of the support window (i.e. versions that have reached End of Life) may also be affected, so Atlassian recommends you upgrade to a fixed LTS version or later.
Affected Versions
- Confluence Data Center: all versions are affected
- Confluence Server: all versions are affected
Fixed Versions
Confluence Data Center and Confluence Server:
- 7.19.16 or later
- 8.3.4 or later
- 8.4.4 or later
- 8.5.3 or later
- 8.6.1 or later
What You Need to Do
Atlassian recommends that you upgrade your instance to one of the versions listed in the “Fixed Versions” table section of this ticket. For full descriptions of the above versions of Confluence Data Center and Server, see the release notes. You can download the latest version of Confluence Data Center and Server from the download center.
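The fix list above is per release branch (7.19.x, 8.3.x, 8.4.x, 8.5.x, 8.6.x), so a naive "is my version newer than 7.19.16" check would wrongly clear a branch such as 8.2.x that never received a fix. The following is an added example, not Atlassian's code: it encodes the advisory's fix versions, decides whether a given version is at or above the fix for its branch, and pulls the running version out of a Confluence page's HTML. The only assumption beyond the advisory is that the page carries the `ajs-version-number` meta tag that Confluence normally embeds; the sample HTML is constructed for the example, and all function names are the example's own.

```python
"""
Added example (not Atlassian's code): version gating for CVE-2023-22518.

FIXED_VERSIONS is copied from the advisory's "Fixed Versions" list; everything
else here (function names, the sample HTML) belongs to this example only.
"""
import re
import sys
from typing import Optional, Tuple

# Fix versions from the advisory, one per release branch.
FIXED_VERSIONS = ["7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1"]

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '8.5.3' into (8, 5, 3); reject anything that is not dotted integers."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a Confluence version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def _branch(v: Version) -> Version:
    """Release branch is the leading major.minor pair, e.g. (8, 5) for 8.5.3."""
    return v[:2]


def is_fixed(version: str) -> bool:
    """
    True only if `version` is a fixed build for CVE-2023-22518.

    The advisory says every version before the listed fix versions is affected,
    and fixes shipped per branch. So: if the version's branch has a listed fix,
    it is fixed only when it is at or above that fix; otherwise it is fixed only
    when its branch is newer than the newest fixed branch (8.6). Branches with
    no fix that are older than that (8.0.x, 8.1.x, 8.2.x, 7.18.x, ...) are
    affected, as are all end-of-life releases.
    """
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIXED_VERSIONS]
    for fix in fixes:
        if _branch(v) == _branch(fix):
            return v >= fix
    newest_fixed_branch = max(_branch(f) for f in fixes)
    return _branch(v) > newest_fixed_branch


# Assumption: Confluence embeds its version in page HTML as
# <meta name="ajs-version-number" content="X.Y.Z">.
META_RE = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', re.I)


def version_from_html(html: str) -> Optional[str]:
    """Extract the running version from a fetched Confluence page, or None."""
    m = META_RE.search(html)
    return m.group(1) if m else None


def assess(html: str) -> dict:
    """Combine extraction and the fix check into a single verdict."""
    version = version_from_html(html)
    if version is None:
        return {"version": None, "fixed": None, "verdict": "version not found in page"}
    fixed = is_fixed(version)
    verdict = ("patched for CVE-2023-22518" if fixed
               else "affected: upgrade to a fixed version; restrict internet access until then")
    return {"version": version, "fixed": fixed, "verdict": verdict}


# Constructed sample of a Confluence login page (not captured from a real host).
SAMPLE_LOGIN_PAGE = """<!DOCTYPE html><html><head>
<meta name="ajs-version-number" content="8.5.2">
<title>Log In - Confluence</title></head><body></body></html>"""


if __name__ == "__main__":
    # Usage: python check.py [https://confluence.example/login.action]
    # Without an argument the constructed sample page is assessed offline.
    if len(sys.argv) > 1:
        import urllib.request
        with urllib.request.urlopen(sys.argv[1], timeout=10) as resp:
            page = resp.read().decode("utf-8", errors="replace")
    else:
        page = SAMPLE_LOGIN_PAGE
    print(assess(page))
```

Run it against your own instance's login page only (the fetch is read-only); the sample page reports 8.5.2 as affected because the 8.5.x fix is 8.5.3, while 8.7.0 is treated as fixed because it is newer than every branch in the list.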
Mitigation
- Back up your instance. (Instructions: Production Backup Strategy)
- Remove your instance from the internet until you can patch, if possible. Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch.
For additional details, please see the full advisory here: https://confluence.atlassian.com/display/SECURITY/CVE-2023-22518+-+Improper+Authorization+Vulnerability+in+Confluence+Data+Center+and+Server
Related news
This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin, which the user can trigger to gain code execution on the target in the context of the user running the Confluence server.
Plus: Major security patches from Microsoft, Mozilla, Atlassian, Cisco, and more.
Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published
It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.
Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat
Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.
Atlassian Confluence is a popular collaborative wiki system enterprises use to organize and share work. (Deeba Ahmed, HackRead.com: Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats)
Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data