Security
Headlines
HeadlinesLatestCVEs

Headline

Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.

Malwarebytes
#vulnerability#auth

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not vulnerable.

Fixes of Confluence Data Center and Server are available for the following versions:

  • 7.19.16 or later
  • 8.3.4 or later
  • 8.4.4 or later
  • 8.5.3 or later
  • 8.6.1 or later

Atlassian strongly advises you apply the patch, even for instances that are not exposed to the public internet.

Customers who are unable to immediately patch their Confluence Data Center and Server instances should back them up. Instances accessible over the public internet, including those with user authentication, should be restricted from external network access until they have been patched.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE patched in these updates is listed as:

CVE-2023-22518 (CVSS score 9.1 out of 10): a critical severity authentication vulnerability was discovered in the Confluence Server and Data Center. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.

Atlassian has said it is unaware of any exploits. Other than that an attacker may bypass User Account Control (UAC) mechanisms to elevate process privileges on system there are no details available.

Atlassian CISO Bala Sathaimurthy stated:

“Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker. There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances.”

Patching vulnerable Confluence servers is important, as cybercriminals have shown before that they make for an attractive target.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Related news

Atlassian Confluence Improper Authorization / Code Execution

This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the of the user running the confluence server.

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers

Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published

A new video series, Google Forms spam and the various gray areas of cyber attacks

It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat

Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats

By Deeba Ahmed Atlassian Confluence is a popular collaborative wiki system enterprises use to organize/share work. This is a post from HackRead.com Read the original post: Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats

CVE-2023-22518: Improper Authorization in Confluence Data Center and Server - CVE-2023-22518

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data