Atlassian warns of exploit for Confluence data wiping bug, get patching

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.

Tracked as CVE-2023-22518, this is an improper authorization vulnerability with a 9.1/10 severity rating affecting all versions of Confluence Data Center and Confluence Server software.

Atlassian warned in an update to the original advisory that it found a publicly available exploit that puts publicly accessible instances at critical risk.

"As part of Atlassian's ongoing monitoring of this CVE, we observed publicly posted critical information about the vulnerability which increases risk of exploitation," the company said.

"There are still no reports of an active exploit, though customers must take immediate action to protect their instances. If you already applied the patch, no further action is required."

While attackers can exploit the vulnerability to wipe data on impacted servers, it cannot be used to steal data stored on vulnerable instances. It's also important to mention that Atlassian Cloud sites accessed through an atlassian.net domain are unaffected, according to Atlassian.

Today's warning follows another one issued by Atlassian's Chief Information Security Officer Bala Sathiamurthy when the vulnerability was patched on Tuesday.

"As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker," said Sathiamurthy.

Atlassian fixed the critical CVE-2023-22518 vulnerability in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

If you can't immediately patch your Confluence instances, you can also remove known attack vectors by blocking access on the following endpoints by modifying the //confluence/WEB-INF/web. 
"These mitigation actions are limited and not a replacement for patching your instance; you must patch as soon as possible," Atlassian warned.

Last month, CISA, FBI, and MS-ISAC warned defenders to urgently patch Atlassian Confluence servers against an actively exploited privilege escalation flaw tracked as CVE-2023-22515. Microsoft later discovered that a Chinese-backed threat group tracked as Storm-0062 had exploited the flaw as a zero-day since September 14, 2023.

Securing vulnerable Confluence servers is crucial, given their prior targeting in widespread attacks that pushed AvosLocker and Cerber2021 ransomware, Linux botnet malware, and crypto miners.
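For triaging an inventory against the fixed releases listed above, the following is an added example, not code from Atlassian or from the original article. Host names and sample versions are constructed, and treating release lines newer than 8.6 as "verify" rather than "patched" is an assumption of this sketch.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED_PATCH = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}
NEWEST_FIXED_LINE = max(FIXED_PATCH)  # (8, 6)

def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints; reject anything else."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if match is None:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(version):
    """Return (status, note) for one Confluence Data Center/Server version."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_PATCH:
        fixed = f"{major}.{minor}.{FIXED_PATCH[line]}"
        if patch >= FIXED_PATCH[line]:
            return ("patched", f"at or above {fixed}")
        return ("vulnerable", f"upgrade to {fixed} or later")
    if line > NEWEST_FIXED_LINE:
        # Assumption: the article lists no release past 8.6.1, so do not guess.
        return ("verify", "newer than 8.6.1; confirm against the advisory")
    # Older or intermediate line with no fixed release listed in the article.
    return ("vulnerable", "no fix listed for this line; move to a listed release")

def triage_inventory(inventory):
    """Map host -> triage result; unparsable versions are flagged, not dropped."""
    results = {}
    for host, version in inventory.items():
        try:
            results[host] = triage(version)
        except ValueError as exc:
            results[host] = ("unknown", str(exc))
    return results

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "wiki-prod": "8.5.2", "wiki-dr": "8.5.3", "wiki-legacy": "7.13.20",
    "wiki-lab": "8.7.1", "wiki-old": "8.2",
}

if __name__ == "__main__":
    for host, (status, note) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:10} {note}")
```

Hosts reported as "unknown" or "verify" need a manual check of the running version against the vendor advisory.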

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

