Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian
Atlassian has told customers they "must take immediate action" to address a newly discovered flaw in its Confluence collaboration tool.
An advisory issued on October 31st warns of CVE-2023-22518, described as an "Improper authorization vulnerability in Confluence Data Center and Server", the on-prem versions of Atlassian's products.
All versions of Confluence are susceptible to the bug, which Atlassian rates at 9.1/10 severity on the ten-point Common Vulnerability Scoring System.
The fix is simple: upgrade immediately to a version of Confluence that has patched the mysterious flaw.
Atlassian suggests disconnecting Confluence instances from the public internet.
Users of SaaS-y Confluence in Atlassian's cloud have nothing to worry about.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/31/critical_atlassian_confluence_flaw/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-31 | CVE-2023-22518 | Incorrect Authorization vulnerability in Atlassian Confluence Data Center All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | 9.8 |