Security News > 2023 > November > Atlassian Confluence data-wiping vulnerability exploited

Atlassian Confluence data-wiping vulnerability exploited
2023-11-06 10:08

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances' database, Greynoise is observing.

"Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," Atlassian advised.

On November 2, Atlassian CISO Bala Sathiamurthy confirmed that there was "Publicly posted critical information about the vulnerability which increases risk of exploitation." The day after, the company confirmed that they received a customer report of an active exploit.

While the vulnerability does not allow attackers to exfiltrate data, Atlassian says that if an instance has been compromised customers might experience significant data loss, and might not be able to connect to their instance's URL or to properly authenticate to the instance anymore.

"Since the attack consists of resetting the instance's content, recovering from a previous backup is the only way of recovering your data. If you believe your Confluence instance was compromised, contact Atlassian Support as Atlassian assistance is required to recover your instance," the company added.

Customers lucky enough not to be hit should update their Confluence installation quickly, or back up their instance's data and remove their instance from the public internet to minimize risk of exploitation.


News URL

https://www.helpnetsecurity.com/2023/11/06/cve-2023-22518-exploit/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-22518 Incorrect Authorization vulnerability in Atlassian Confluence Data Center
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability.
network
low complexity
atlassian CWE-863
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412