Security News > 2023 > October > IT networks under attack via critical Confluence zero-day. Patch now
Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.
"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to a Wednesday advisory from the software giant.
A spokesperson declined to answer specific comments about the vulnerability, and how many customers were compromised, though did confirm Atlassian Cloud sites are not impacted.
Admins can also mitigate known attack vectors by not allowing access to the /setup/* endpoints on Confluence instances.
In a separate advisory, infosec shop Rapid7 weighed in on the CVE, with researcher Caitlin Condon noting: "Atlassian does not specify the root cause of the vulnerability or where exactly the flaw resides in Confluence implementations, though the indicators of compromise include mention of the /setup/* endpoints."
Condon also said it's "Unusual" but "Not unprecedented" for a privilege-escalation vulnerability to earn a critical severity rating.
News URL
Related news
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)