Friday, March 1, 2024

Atlassian warns of exploit for Confluence knowledge wiping bug, get patching


Atlassian

Atlassian warned admins {that a} public exploit is now obtainable for a vital Confluence safety flaw that can be utilized in knowledge destruction assaults focusing on Web-exposed and unpatched situations.

Tracked as CVE-2023-22518, that is an improper authorization vulnerability with a 9.1/10 severity ranking affecting all variations of Confluence Information Heart and Confluence Server software program.

Atlassian warned in an replace to the unique advisory that it discovered a publicly obtainable exploit that places publicly accessible situations at vital danger.

“As a part of Atlassian’s ongoing monitoring of this CVE, we noticed publicly posted vital details about the vulnerability which will increase danger of exploitation,” the corporate stated.

“There are nonetheless no stories of an energetic exploit, although prospects should take fast motion to guard their situations. In the event you already utilized the patch, no additional motion is required.”

Whereas attackers can exploit the vulnerability to wipe knowledge on impacted servers, it can’t be used to steal knowledge saved on weak situations. It is also vital to say that Atlassian Cloud websites accessed by way of an atlassian.internet area are unaffected, based on Atlassian.

Right now’s warning follows one other one issued by Atlassian’s Chief Data Safety Officer (CISO) Bala Sathiamurthy when the vulnerability was patched on Tuesday.

“As a part of our steady safety evaluation processes, we’ve found that Confluence Information Heart and Server prospects are weak to vital knowledge loss if exploited by an unauthenticated attacker,” stated Sathiamurthy.

“There are not any stories of energetic exploitation at the moment; nonetheless, prospects should take fast motion to guard their situations.”

Atlassian fastened the vital CVE-2023-22518 vulnerability in Confluence Information Heart and Server variations 7.19.16, 8.3.4, 8.4.4, 8.5.3, and eight.6.1.

Mitigation measures obtainable

The corporate urged admins to improve their software program instantly and, if that is not potential, to use mitigation measures, together with backing up unpatched situations and blocking Web entry to unpatched servers till they’re up to date.

If you cannot instantly patch your Confluence situations, you too can take away identified assault vectors by blocking entry on the next endpoints by modifying the /<confluence-install-dir>/confluence/WEB-INF/net.xml as defined within the advisory and restarting the weak occasion:

  1. /json/setup-restore.motion
  2. /json/setup-restore-local.motion
  3. /json/setup-restore-progress.motion

“These mitigation actions are restricted and never a alternative for patching your occasion; you need to patch as quickly as potential,” Atlassian warned.

Final month, CISA, FBI, and MS-ISAC warned defenders to urgently patch Atlassian Confluence servers in opposition to an actively exploited privilege escalation flaw tracked as CVE-2023-22515.

Microsoft later found {that a} Chinese language-backed risk group tracked as Storm-0062 (aka DarkShadow or Oro0lxy) had exploited the flaw as a zero-day since September 14, 2023.

Securing weak Confluence servers is essential, given their prior focusing on in widespread assaults that pushed AvosLocker and Cerber2021 ransomware, Linux botnet malware, and crypto miners.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles