Security News > 2023 > October > IT networks under attack via critical Confluence zero-day. Patch now
Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.
"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to a Wednesday advisory from the software giant.
A spokesperson declined to answer specific comments about the vulnerability, and how many customers were compromised, though did confirm Atlassian Cloud sites are not impacted.
Admins can also mitigate known attack vectors by not allowing access to the /setup/* endpoints on Confluence instances.
In a separate advisory, infosec shop Rapid7 weighed in on the CVE, with researcher Caitlin Condon noting: "Atlassian does not specify the root cause of the vulnerability or where exactly the flaw resides in Confluence implementations, though the indicators of compromise include mention of the /setup/* endpoints."
Condon also said it's "Unusual" but "Not unprecedented" for a privilege-escalation vulnerability to earn a critical severity rating.
News URL
Related news
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)