Critical Atlassian Confluence vulnerability exploited by state-backed threat actor
A critical flaw in Atlassian Confluence Data Center and Server has been exploited by a state-backed threat actor, according to Microsoft's threat analysts.
CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data Center and Server versions 8.0.0 and later, but then re-classified as an issue stemming from broken access control.
Atlassian said on October 5 that multiple customers have reported attacks in which external attackers have used the flaw to create unauthorized Confluence administrator accounts and access Confluence instances.
Microsoft's security experts said today that they have observed a nation-state threat actor they dubbed Storm-0062 exploiting CVE-2023-22515 since September 14.
"Atlassian indicated that this vulnerability was exploited in the wild as a zero-day vulnerability, prior to their knowledge or a patch being available. The observed attacker behavior included leveraging CVE-2023-22515 to create a new administrator user, but we believe that this is not the only way the vulnerability could be used," Rapid7 security researcher Stephen Fewer noted.
"Our analysis concludes that this vulnerability is remotely exploitable by an unauthenticated attacker, and can be leveraged to create a new administrator account on the target Confluence server. This can lead to a total loss of integrity and confidentiality of the data held in the server. Since the root cause of the vulnerability allows an attacker to modify critical configuration settings, an attacker may not be limited to creating a new administrator - there may be further avenues of exploitation available."
News URL
https://www.helpnetsecurity.com/2023/10/11/exploited-cve-2023-22515/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-22515 | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. | 9.8 |