Security
Headlines
HeadlinesLatestCVEs

Headline

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible

The Hacker News
#vulnerability#rce#auth#The Hacker News

Vulnerability / Cyber Attack

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure.

Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible installations.

The shortcoming affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5.

But merely days after the flaw became public knowledge, nearly 40,000 exploitation attempts targeting CVE-2023-22527 have been recorded in the wild as early as January 19 from more than 600 unique IP addresses, according to both the Shadowserver Foundation and the DFIR Report.

The activity is currently limited “testing callback attempts and ‘whoami’ execution,” suggesting that threat actors are opportunistically scanning for vulnerable servers for follow-on exploitation.

A majority of the attacker IP addresses are from Russia (22,674), followed by Singapore, Hong Kong, the U.S., China, India, Brazil, Taiwan, Japan, and Ecuador.

Over 11,000 Atlassian instances have been found to be accessible over the internet as of January 21, 2024, although it’s currently not known how many of them are vulnerable to CVE-2023-22527.

“CVE-2023-22527 is a critical vulnerability within Atlassian’s Confluence Server and Data Center,” ProjectDiscovery researchers Rahul Maini and Harsh Jaiswal said in a technical analysis of the flaw.

“This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence instance, thereby enabling the execution of arbitrary code and system commands.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of the Summoning Team, who

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,

Atlassian Confluence 8.5.3 Remote Code Execution

Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]

Atlassian Confluence SSTI Injection

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management