Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats

By Deeba Ahmed. This is a post from HackRead.com.


Australia’s leading software firm Atlassian has issued an emergency patch for a critical security flaw that can allow unauthenticated actors to cause “significant data loss” if exploited. The company has released an advisory this week to warn customers after state-backed hackers tried to target its products recently. The vulnerability is rated 9.1 out of 10 on the vulnerability severity scoring system and is tracked as CVE-2023-22518.

The vulnerability is an improper authorization flaw that can allow an attacker to access sensitive data like user accounts, passwords, and confidential information. According to the company’s advisory, the flaw affects Atlassian Confluence Data Center and Server’s on-premise versions.

For your information, Atlassian Confluence is a popular collaborative wiki system enterprises use to organize/share work. A few weeks back, it was targeted by Chinese state-sponsored hackers. They exploited the bug with another 10.0 maximum-rated flaw to compromise Atlassian customers.

Atlassian has issued patches for all supported versions of Confluence Data Center and Server before 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1 and strongly advised customers to apply patches immediately. The company hasn’t shared more details on the flaw.

“Versions outside of the support window (i.e. versions that have reached End of Life) may also be affected, so Atlassian recommends you upgrade to a fixed LTS version or later. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue,” Atlassian stated.

The company claims that as of October 31st, there were no reports of the vulnerability being actively exploited. Moreover, Atlassian noted that data confidentiality will not be impacted because an attacker cannot exfiltrate “any instance data.”

However, it has asked all users of publicly accessible on-premise Confluence products to upgrade. Admins unable to patch immediately are advised to create a backup and temporarily remove the product from the internet, restricting access from external networks until it is patched.
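An added example (not from Atlassian or the original article): a small Python helper that triages an inventory of Confluence hosts against the fixed releases listed above. The host names, versions and status labels are constructed for illustration, and treating release lines newer than 8.6 as fixed is an assumption based on the "fixed LTS version or later" guidance.

```python
"""Triage Confluence Data Center/Server hosts against the CVE-2023-22518 fixes."""

# Fixed release per supported release line, as listed in the article.
FIXED = {
    (7, 19): (7, 19, 16),
    (8, 3): (8, 3, 4),
    (8, 4): (8, 4, 4),
    (8, 5): (8, 5, 3),
    (8, 6): (8, 6, 1),
}


def parse_version(text):
    """Turn '8.5.2' into (8, 5, 2); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(host, version):
    """Return a status label (the labels are this example's own, not Atlassian's)."""
    if host.lower().rstrip(".").endswith(".atlassian.net"):
        return "cloud-not-affected"   # hosted by Atlassian, per the advisory
    v = parse_version(version)
    line = v[:2]
    if line in FIXED:
        return "patched" if v >= FIXED[line] else "vulnerable"
    if line > max(FIXED):
        return "patched"              # assumption: later lines ship the fix
    return "unsupported-upgrade"      # outside support window, may be affected


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("wiki.corp.example", "7.19.15"),
    ("docs.corp.example", "8.5.3"),
    ("legacy.corp.example", "7.13.7"),
    ("team.atlassian.net", ""),
]


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(host, version) for host, version in inventory}


if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:24} {status}")
```

Hosts reported as `vulnerable` or `unsupported-upgrade` are the ones to back up and take off the internet until they are upgraded.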

Also included in the advisory was a message from Atlassian’s CISO, Bala Sathaimurthy, who stated that customers should take “immediate action.” Apart from installing security patches, they must use strong passwords for all Confluence accounts and keep Confluence products updated. They must regularly monitor Confluence activity to detect suspicious actions in a timely manner and only allow authorized individuals to access Confluence.


Related news

Atlassian Confluence Improper Authorization / Code Execution

This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the user running the Confluence server.

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers

Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published

A new video series, Google Forms spam and the various gray areas of cyber attacks

It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat

Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.

CVE-2023-22518: Improper Authorization in Confluence Data Center and Server - CVE-2023-22518

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data