Security News > 2023 > October > IT networks under attack via critical Confluence zero-day. Patch now

Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.
"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to a Wednesday advisory from the software giant.
A spokesperson declined to answer specific comments about the vulnerability, and how many customers were compromised, though did confirm Atlassian Cloud sites are not impacted.
Admins can also mitigate known attack vectors by not allowing access to the /setup/* endpoints on Confluence instances.
In a separate advisory, infosec shop Rapid7 weighed in on the CVE, with researcher Caitlin Condon noting: "Atlassian does not specify the root cause of the vulnerability or where exactly the flaw resides in Confluence implementations, though the indicators of compromise include mention of the /setup/* endpoints."
Condon also said it's "Unusual" but "Not unprecedented" for a privilege-escalation vulnerability to earn a critical severity rating.
News URL
Related news
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)