Atlassian users need to patch their Confluence instances now to avoid data being destroyed by hackers

Confluence users can’t seem to catch a break, as makers Atlassian warn of yet another high-severity flaw that’s being abused in the wild.

This time, the vulnerability in question is an improper authorization flaw found in all versions of Confluence Data Center and Confluence Server. It’s being tracked as CVE-2023-22518 and carries a severity score of 9.1.

Hackers can use it to destroy data found on the affected servers. It seems as if they can’t steal the data, though, as Atlassian said there was “no impact to confidentiality as an attacker cannot exfiltrate any instance data”. What’s more, Atlassian Cloud sites accessed through an domain appear to be immune to the flaw. 

No exploitation yet

"As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker," said Bala Sathiamurthy, Atlassian's Chief Information Security Officer (CISO), in an article on the company's website.

"There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances," he added.

Atlassian addressed the vulnerability and patched Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

Users are advised to apply the fix immediately. If, for any reason, they can’t do that, they should deploy mitigation measures, including backing up unpatched instances and blocking Internet access until they're upgraded.

"Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," the company said.
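To decide which instances still need the upgrade or the network restriction, an inventory can be checked against the fixed releases listed above. The following is an added example, not Atlassian's tooling: the hostnames, the sample versions and the status labels are made up, and the handling of release lines newer than 8.6 is an assumption, since the article does not cover them.

```python
import re

# Fixed builds named in the article, keyed by (major, minor) release line.
FIXED_PATCH = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def triage(version: str) -> str:
    """Classify one Confluence Data Center/Server version string."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    line = (major, minor)
    if line in FIXED_PATCH:
        # Compare numerically: 8.4.10 is newer than 8.4.4, unlike a string compare.
        return "patched" if patch >= FIXED_PATCH[line] else "vulnerable"
    if line > max(FIXED_PATCH):
        # Assumption: the article says nothing about lines newer than 8.6.
        return "check-advisory"
    # Older or unlisted line: the article lists no fixed build for it.
    return "vulnerable"


def triage_inventory(inventory: dict) -> dict:
    """Map each host to a status; malformed versions are flagged, not dropped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = triage(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "wiki-a.example.internal": "8.5.3",
    "wiki-b.example.internal": "8.4.10",
    "wiki-c.example.internal": "7.19.15",
    "wiki-d.example.internal": "8.2.1",
    "wiki-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:28} {status}")
```

Hosts reported as `vulnerable` or `unparsed` are the ones to back up and cut off from external network access until they are upgraded.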

In mid-October this year, the FBI, CISA, and other agencies urged admins to apply a fix and secure their endpoints from CVE-2023-22515, another flaw found in Atlassian Confluence servers. 

"Due to the ease of exploitation, CISA, FBI, and MS-ISAC expect to see widespread exploitation of unpatched Confluence instances in government and private networks," the agencies warned at the time. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.