Atlassian has issued patches for all supported versions of Confluence Data Center and Server before 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1 and strongly advised customers to apply patches immediately.
Australia’s leading software firm Atlassian has issued an emergency patch for a critical security flaw that can allow unauthenticated actors to cause “significant data loss” if exploited. The company has released an advisory this week to warn customers after state-backed hackers tried to target its products recently. The vulnerability is rated 9.1 out of 10 on the vulnerability severity scoring system and is tracked as CVE-2023-22518.
The vulnerability is an improper authorization flaw that can allow an attacker to access sensitive data like user accounts, passwords, and confidential information. According to the company’s advisory, the flaw affects Atlassian Confluence Data Center and Server’s on-premise versions.
For your information, Atlassian Confluence is a popular collaborative wiki system enterprises use to organize/share work. A few weeks back, it was targeted by Chinese state-sponsored hackers. They exploited the bug with another 10.0 maximum-rated flaw to compromise Atlassian customers.
Atlassian has issued patches for all supported versions of Confluence Data Center and Server before 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1 and strongly advised customers to apply patches immediately. The company hasn’t shared more details on the flaw.
“Versions outside of the support window (i.e. versions that have reached End of Life) may also be affected, so Atlassian recommends you upgrade to a fixed LTS version or later. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.” Atlassian stated.
The company claims that as of October 31st, there were no reports of the vulnerability being actively exploited. Moreover, Atlassian noted that data confidentiality will not be impacted because an attacker cannot exfiltrate “any instance data.”
However, it has requested all users of publicly accessible on-premise Confluence products to be upgraded. Admins unable to patch immediately are advised to create a backup and remove the product from the internet temporarily to restrict access from external networks until patched.
Also included in the advisory was a message from Atlassian’s CISO, Bala Sathaimurthy, who stated that customers should take “immediate action.” Apart from installing security patches, they must use strong passwords for all Confluence accounts and keep Confluence products updated. They must regularly monitor Confluence activity to detect suspicious actions timely and only allow authorized individuals to access Confluence.
- IT Security firm Qualys extorted by Clop gang after data breach
- Human Error: Casio ClassPad Data Breach Impacting 148 Countries
- Massive MOVEit Hack: 630K+ US Defense Officials’ Emails Breached
- Cisco Web UI Vulnerability Exploited Massly, Impacting Over 40K Devices