ASD alerts industry on RCE vulnerability in Atlassian Confluence Data…


In an Australian cyber security national alert to industry, the ASD’s ACSC has alerted its subscribers that it is tracking a remote code execution (RCE) vulnerability in Atlassian Confluence Data Center and Confluence Server.

The ASD ACSC advised: “CVE-2023-22527 is a template injection vulnerability, in all but the most recent versions of Confluence Data Center and Server, that allows an unauthenticated attacker to achieve RCE.

Affected versions include Server 8 versions released before 05 December 2023 and 8.4.5.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

ASD’s ACSC says it is not aware of active exploitation of CVE-2023-22527 at this time.

Mitigation

Australian organisations should review their networks for use of vulnerable instances of Atlassian Confluence Data Center and Confluence Server, and consult Atlassian’s customer advisory for mitigation advice.
