Security News > 2023 > November > Atlassian warns of exploit for Confluence data wiping bug, get patching

Atlassian warns of exploit for Confluence data wiping bug, get patching
2023-11-02 21:46

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.

Tracked as CVE-2023-22518, this is an improper authorization vulnerability with a 9.1/10 severity rating affecting all versions of Confluence Data Center and Confluence Server software.

While attackers can exploit the vulnerability to wipe data on impacted servers, it cannot be used to steal data stored on vulnerable instances.

"As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker," said Sathiamurthy.

Atlassian fixed the critical CVE-2023-22518 vulnerability in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

Atlassian warns of critical Confluence flaw leading to data loss.


News URL

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-22518 Incorrect Authorization vulnerability in Atlassian Confluence Data Center
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability.
network
low complexity
atlassian CWE-863
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 56 275 59 36 426