
Atlassian Confluence data-wiping vulnerability exploited
2023-11-06 10:08

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset the database of vulnerable instances, GreyNoise has observed.

"Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," Atlassian advised.

On November 2, Atlassian CISO Bala Sathiamurthy confirmed that there was "Publicly posted critical information about the vulnerability which increases risk of exploitation." The day after, the company confirmed that they received a customer report of an active exploit.

While the vulnerability does not allow attackers to exfiltrate data, Atlassian says that if an instance has been compromised, customers might experience significant data loss and might no longer be able to connect to their instance's URL or to authenticate to the instance properly.

"Since the attack consists of resetting the instance's content, recovering from a previous backup is the only way of recovering your data. If you believe your Confluence instance was compromised, contact Atlassian Support as Atlassian assistance is required to recover your instance," the company added.

Customers whose instances have not been hit should update their Confluence installation quickly, or back up their instance's data and remove the instance from the public internet to minimize the risk of exploitation.


News URL

https://www.helpnetsecurity.com/2023/11/06/cve-2023-22518-exploit/

Related Vulnerability

Date: 2023-10-31
CVE: CVE-2023-22518
Vulnerability title: Incorrect Authorization vulnerability in Atlassian Confluence Data Center
Description: All versions of Confluence Data Center and Server are affected by this unexploited vulnerability.
Risk: network, low complexity; vendor: atlassian; CWE-863; critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 56 291 40 34 421