Security News > 2023 > October > Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now
2023-10-05 03:28
Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to
News URL
https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html
Related news
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- CrushFTP warns users to patch exploited zero-day “immediately” (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Apple backports iOS zero-day patch, adds Bluetooth tracker alert (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-22515 | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. | 9.8 |