Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.

Tracked as CVE-2023-22518, this is an improper authorization vulnerability with a 9.1/10 severity rating affecting all versions of Confluence Data Center and Confluence Server software. Atlassian warned in an update to the original advisory that it found a publicly available exploit that puts publicly accessible instances at critical risk.

"As part of Atlassian's ongoing monitoring of this CVE, we observed publicly posted critical information about the vulnerability which increases risk of exploitation," the company said. "There are still no reports of an active exploit, though customers must take immediate action to protect their instances. If you already applied the patch, no further action is required."

While attackers can exploit the vulnerability to wipe data on impacted servers, it cannot be used to steal data stored on vulnerable instances. It's also important to mention that Atlassian Cloud sites accessed through an atlassian.net domain are unaffected, according to Atlassian.

Today's warning follows another one issued by Atlassian's Chief Information Security Officer Bala Sathiamurthy when the vulnerability was patched on Tuesday. "As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker," said Sathiamurthy.

Atlassian fixed the critical CVE-2023-22518 vulnerability in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1. If you can't immediately patch your Confluence instances, you can also remove known attack vectors by blocking access on the following endpoints by modifying the /
/confluence/WEB-INF/web. "These mitigation actions are limited and not a replacement for patching your instance; you must patch as soon as possible," Atlassian warned.

Last month, CISA, FBI, and MS-ISAC warned defenders to urgently patch Atlassian Confluence servers against an actively exploited privilege escalation flaw tracked as CVE-2023-22515. Microsoft later discovered that a Chinese-backed threat group tracked as Storm-0062 had exploited the flaw as a zero-day since September 14, 2023.

Securing vulnerable Confluence servers is crucial, given their prior targeting in widespread attacks that pushed AvosLocker and Cerber2021 ransomware, Linux botnet malware, and crypto miners.
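For admins with an inventory of self-hosted Confluence instances, the practical question is which ones are still below the fixed versions listed above. The following is an added example, not code from the article or from Atlassian: it compares a version string against the five fix releases, branch by branch. It assumes that release branches newer than 8.6 ship with the fix, and the host names and versions in the sample inventory are constructed.

```python
# Added example (not from the BleepingComputer article or Atlassian's advisory):
# decide whether a Confluence Data Center/Server version string carries the fix
# for CVE-2023-22518, using the fixed versions the article lists.
from typing import Dict, Tuple

# Fixed versions named in the article, one per affected release branch.
FIXED_VERSIONS = ("7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.5.3' into (8, 5, 3); tolerate a short form like '8.6' and a trailing '-rc1'."""
    core = text.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))  # pad to major.minor.patch


def is_patched(version: str) -> bool:
    """True when the version sits on a fixed branch at or above that branch's fix
    release, or on a branch newer than the newest fixed branch (assumption: later
    branches ship after the fix). Every other version is treated as vulnerable,
    including branches with no fix release at all (e.g. 8.0.x - 8.2.x)."""
    v = parse_version(version)
    fixes = sorted(parse_version(f) for f in FIXED_VERSIONS)
    newest_branch = fixes[-1][:2]
    for fix in fixes:
        if v[:2] == fix[:2]:          # same major.minor branch as a fix release
            return v >= fix
    return v[:2] > newest_branch      # unlisted branch: patched only if newer than 8.6


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patched' / 'VULNERABLE' for a host-to-version inventory."""
    return {host: ("patched" if is_patched(ver) else "VULNERABLE")
            for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"wiki-a": "7.19.15", "wiki-b": "8.5.3", "wiki-c": "8.2.0", "wiki-d": "8.7.0"}
    for host, state in triage(sample).items():
        print(f"{host}: {state}")
```

Hosts reported as VULNERABLE should be patched; where that is not immediately possible, apply Atlassian's interim endpoint-blocking mitigation and restrict network exposure until the upgrade lands.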
This article was originally published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000