Executive summary

Atlassian has published a security advisory warning users of an active exploitation of a critical vulnerability in all versions of Atlassian Confluence Data Center and Server, which could allow an unauthenticated attacker to perform actions with administrative functions. The vulnerability has been added to the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog.

What’s the risk to me or my business?

There is a risk that organisations operating a vulnerable version are leaving themselves at risk of allowing an unauthenticated attacker to reset confluence and create an administrator account. Atlassian has stated that exploitation can lead to a full loss of confidentiality, integrity and availability. This vulnerability affects all versions of Atlassian Confluence Data Center and Server.

What can I do?

Black Arrow recommends following Atlassian’s advice and applying updates immediately, which can be found in their advisory linked below. Atlassian have stated that publicly accessible Confluence Data Center and Server versions in particular, are at critical risk of exploitation.

In the event that you are unable to apply the updates, mitigations have been provided by Atlassian, however updates should be applied as soon as possible. The fixed versions of Confluence Data Center and Server are as follows:

• 7.19.16

• 8.3.4

• 8.4.4

• 8.5.3

• 8.6.1

Technical Summary

CVE-2023-22518-  An improper authorisation vulnerability in Atlassian Confluence Data Center and Server.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Further information can be found here:

https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html

https://nvd.nist.gov/vuln/detail/CVE-2023-22518  

#threatadvisory #threatintelligence #cybersecurity