Thursday, January 9, 2025
Homecyber securityAtlassian Urged Customers to Fix Critical Confluence Flaw Right Away!

Atlassian Urged Customers to Fix Critical Confluence Flaw Right Away!

Published on

Atlassian has been reported with a critical vulnerability in their Confluence Software, which several organizations have widely adopted.

The CVE for this vulnerability has been assigned as CVE-2023-22518, and the severity has been given as 9.1 (Critical).

Atlassian has addressed this vulnerability in its recent security advisory and fixed it on its latest version. Additionally, they have also released affected versions of Confluence for this vulnerability.

CVE-2023-22518 – Improper Authorization Vulnerability

This vulnerability affects Confluence Data Center and Server customers, potentially leading to significant data loss if exploited by an unauthenticated threat actor. Atlassian hasn’t released any additional details about this vulnerability.

“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker. There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances. Please read the Critical Security Advisory below for instructions and vulnerability details,” reads the advisory by Atlassian.

Atlassian also confirmed that publicly accessible Confluence Data Center and Server versions are at critical risk and require immediate attention.

Affected Versions and Fix 

ProductAffected VersionsFixed Versions
Confluence Data Center and ServerAll versions are affected7.19.16 or later8.3.4 or later8.4.4 or later8.5.3 or later8.6.1 or later

Mitigation

To mitigate this issue, Atlassian has recommended their users “Back up the instance” and, if possible, “Remove the instance from the internet until this can be patched.”

Users of these products should upgrade to the latest versions to prevent these vulnerabilities from getting exploited. 

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Researchers Reveal Exploitation Techniques of North Korean Kimsuky APT Group

Since 2013, the advanced persistent threat (APT) known as Kimsuky, which the North Korean...

Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers

Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant. Still,...

Gravy Analytics Hit by Cyberattack, Hackers Allegedly Stole data

Gravy Analytics, a prominent player in location intelligence, has reportedly fallen victim to a...

Chrome Security Update – Patch for Multiple Security Vulnerabilities

Google has released an update for its Chrome web browser, advancing to version 131.0.6778.264/.265...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Researchers Reveal Exploitation Techniques of North Korean Kimsuky APT Group

Since 2013, the advanced persistent threat (APT) known as Kimsuky, which the North Korean...

Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers

Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant. Still,...

Gravy Analytics Hit by Cyberattack, Hackers Allegedly Stole data

Gravy Analytics, a prominent player in location intelligence, has reportedly fallen victim to a...