IT networks under attack via critical Confluence zero-day. Patch now
![IT networks under attack via critical Confluence zero-day. Patch now](/static/build/img/news/it-networks-under-attack-via-critical-confluence-zero-day-patch-now-medium.jpg)
Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise collaboration software.
"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to a Wednesday advisory from the software giant.
A spokesperson declined to answer specific questions about the vulnerability and how many customers were compromised, though did confirm Atlassian Cloud sites are not impacted.
Admins can also mitigate known attack vectors by not allowing access to the /setup/* endpoints on Confluence instances.
In a separate advisory, infosec shop Rapid7 weighed in on the CVE, with researcher Caitlin Condon noting: "Atlassian does not specify the root cause of the vulnerability or where exactly the flaw resides in Confluence implementations, though the indicators of compromise include mention of the /setup/* endpoints."
Condon also said it's "unusual" but "not unprecedented" for a privilege-escalation vulnerability to earn a critical severity rating.
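For defenders checking whether the /setup/* endpoints were reachable, the sketch below scans access logs for requests that resolve to that path after normalization. It is an added example, not code from Atlassian, Rapid7 or the original article; it assumes Combined Log Format logs from a reverse proxy in front of Confluence and a deny rule that answers 403, and the log lines and names are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Assumption: Common/Combined Log Format, as written by a fronting reverse proxy.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, placeholder action name).
SAMPLE = [
    '203.0.113.7 - - [04/Oct/2023:10:00:01 +0000] "GET /setup/example.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [04/Oct/2023:10:00:02 +0000] "POST /%73etup//example.action;x=1?a=b HTTP/1.1" 403 0',
    '198.51.100.9 - - [04/Oct/2023:10:00:03 +0000] "GET /pages/../SETUP/example.action HTTP/1.1" 302 0',
    '198.51.100.9 - - [04/Oct/2023:10:00:04 +0000] "GET /display/DOCS/setup-guide HTTP/1.1" 200 900',
]

def canonical_path(target: str) -> str:
    """Reduce a request target to the path the application is likely to route on."""
    path = target.split("?", 1)[0]          # drop the query string
    for _ in range(2):                      # undo single and double percent-encoding
        path = unquote(path)
    # Drop ";param" suffixes, which servlet containers ignore when routing.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    # Collapse "//" and "../"; lower-casing is deliberately conservative for detection.
    return normpath("/" + path.lstrip("/")).lower()

def setup_hits(lines):
    """Return one record per request whose canonical path falls under /setup/."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = canonical_path(m["target"])
        if path == "/setup" or path.startswith("/setup/"):
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "path": path, "status": int(m["status"])})
    return hits

def not_blocked(hits, deny_status=403):
    """Hits that did not receive the proxy's deny response (assumed to be 403)."""
    return [h for h in hits if h["status"] != deny_status]

if __name__ == "__main__":
    for hit in not_blocked(setup_hits(SAMPLE)):
        print(hit)
```

Any record returned by `not_blocked` means a /setup/* request got past the block and is worth correlating with administrator account creation on the instance.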