Atlassian patches under-attack Confluence zero-day

8 months ago AndyC

Atlassian is warning that some instances of its Confluence data centre and server software may have been exploited and has moved to patch the products.

Atlassian patches under-attack Confluence zero-day

Atlassian is warning that some instances of its Confluence data centre and server software may have been exploited and has moved to patch the products.




Atlassian patches under-attack Confluence zero-day










The company’s advisory said the critical-rated bug, CVE-2023-22515, may have been exploited in some customers, to “create unauthorised Confluence administrator accounts and access Confluence instances.”

The company said cloud instances accessed via an Atlassian domain are not affected.

The bug affects Confluence data centre and server versions between 8.0.0 and 8.5.1; versions prior to that are not affected.

The patch has been applied to version 8.3.3, 8.4.3, or 8.5.2 and later.

In a blog post, Cloudflare said it was alerted to the bug by Atlassian ahead of the advisory and had applied web application firewall rules to prevent exploitation for its customers.

Customers not yet able to patch can restrict network access to affected instances, Atlassian’s advisory stated.

They can also block access to the /setup/* endpoints on Confluence instances.

The company said indicators of compromise include the presence of unexpected, newly created user accounts; unexpected members of the admin group; log entries showing requests to /setup/*.action; or a log entry containing an exception message containing /setup/setupadministrator.action.



About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Too much of a good thing? How security sprawl can weaken defences

Too much of a good thing? How security sprawl can weaken defences

1 day ago AndyC
Kinsing malware exploits Apache Tomcat on Linux clouds

Kinsing malware exploits Apache Tomcat on Linux clouds

1 day ago AndyC
LogicMonitor launches LM Cost Optimisation tool for businesses

LogicMonitor launches LM Cost Optimisation tool for businesses

1 day ago AndyC
Organisations battle AI risks amid rise in supply chain attacks

Organisations battle AI risks amid rise in supply chain attacks

1 day ago AndyC
AUCloud Ramps Expands its Senior Leadership Team

AUCloud Ramps Expands its Senior Leadership Team

1 day ago AndyC
Cyberattacks exploiting trusted ties spanned over a month in 2023

Cyberattacks exploiting trusted ties spanned over a month in 2023

1 day ago AndyC

You may have missed

The who, where, and how of APT attacks – Week in security with Tony Anscombe

The who, where, and how of APT attacks – Week in security with Tony Anscombe

2 hours ago AndyC
Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

11 hours ago AndyC

Friday Squid Blogging: Emotional Support Squid

11 hours ago AndyC

How to Protect Yourself on Social Networks

17 hours ago AndyC
Nissan reveals ransomware attack exposed 53,000 workers' social security numbers

Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers

17 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.