More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527, a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, according to the non-profit security organisation Shadowserver.
The CVE carries a CVSS rating of 10 out of 10 and affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as versions up to 8.4.5.
Atlassian hasn't updated its CVE-2023-22527 security advisory to indicate any instances of Confluence Server being under active exploitation.
The issue has already been corrected in a previous release of Confluence Server and Data Center.
Atlassian security may soon become even more challenged: on February 15th the Aussie software company ends support for its Server products, leaving the vastly more expensive Data Center products or a cloud migration as the alternatives.
An Atlassian partner recently told The Register that forty percent of its clientele intends to continue using the unsupported products despite Atlassian insisting it won't provide patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/22/atlassian_confluence_server_rce/
Related news
- CISA warns critical SolarWinds RCE bug is exploited in attacks
- CISA warns of Jenkins RCE bug exploited in ransomware attacks
- Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
- Broadcom fixes critical RCE bug in VMware vCenter Server
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8