Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit

Published: 23/11/2024 | Category: security




Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.



A critical privilege-escalation vulnerability in Atlassian Confluence Server and Confluence Data Center has been disclosed, with evidence of exploitation in the wild as a zero-day bug.
The flaw (CVE-2023-22515) affects on-premises instances of the platforms, in versions 8.0.0 and after.
"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to Atlassian's advisory on CVE-2023-22515, released late on Oct. 4.
Atlassian didn't provide a CVSSv3 score, but according to its internal severity level ratings, the score would be in the range of 9 to 10.
The stakes are high. Many organizations use Confluence for project management and collaboration among teams spread across on-premises and remote locations, and Confluence environments often house sensitive data on internal projects as well as on an organization's customers and partners.
"The critical designation is a fairly rare one for privilege escalation issues," Rapid7 researcher Caitlin Condon pointed out in an alert on the Confluence bug.
"However, the Atlassian advisory goes on to note that instances on the public Internet are particularly at risk, as this vulnerability is exploitable anonymously, indicating that it's remotely exploitable," she explained. That combination is rare: she noted that the critical rating is typically more consistent with an authentication bypass or remote code-execution chain than with a privilege-escalation issue by itself.
However, Condon added, "It's possible that the vulnerability could allow a regular user account to elevate to admin — notably, Confluence allows for new user sign-ups with no approval, but this feature is disabled by default."
Atlassian has issued a patch; fixed versions are: 8.3.3 or later; 8.4.3 or later; and 8.5.2 (Long Term Support release) or later.
As for other protection options, Atlassian doesn't specify where the bug resides or give any other technical details, though it does note that known attack vectors can be mitigated by blocking access to the /setup/* endpoints on Confluence instances, which is a good indicator of where the problem lies.
Admins should restrict external network access to vulnerable systems until they can be upgraded, and Atlassian recommends checking all affected Confluence instances for the indicators of compromise (IoCs) listed in the advisory.
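One way to act on that advice, as an added example that is not part of the article or of Atlassian's advisory: the Python below scans reverse-proxy access logs for requests that reach the /setup/ tree, the same path prefix Atlassian says to block. It assumes the proxy in front of Confluence writes the common or combined log format and that Confluence runs at the root or under a known context path; the log lines, addresses and path names are constructed for illustration. Each path is normalised (query string stripped, percent-decoding repeated until stable, duplicate slashes collapsed, case folded) so that encoded or doubled-slash variants are not missed by a plain string match.

```python
"""Flag requests to Confluence's /setup/* endpoints in reverse-proxy access logs.

Added example for this article; not Atlassian's code and not part of the advisory.
Assumes the proxy in front of Confluence writes the common/combined log format.
The /setup/ prefix is the one Atlassian's advisory says to block.
"""
import re
from urllib.parse import unquote

# Constructed sample lines (combined log format); the paths, addresses and
# user agents are illustrative, not taken from a real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Oct/2023:21:12:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Oct/2023:21:12:03 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 612 "-" "python-requests/2.31"
198.51.100.9 - - [04/Oct/2023:21:13:10 +0000] "GET /%73etup/finishsetup.action?x=1 HTTP/1.1" 302 0 "-" "curl/8.1"
10.0.0.5 - - [04/Oct/2023:21:14:00 +0000] "GET /display/ENG/Roadmap HTTP/1.1" 200 9123 "-" "Mozilla/5.0"
10.0.0.5 - - [04/Oct/2023:21:14:05 +0000] "GET //SETUP/setupdbchoice.action HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

# client ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)


def normalize_path(target: str) -> str:
    """Canonicalise a request target before matching: drop the query string,
    percent-decode until stable (so %73etup and %2573etup both become setup),
    collapse repeated slashes and lower-case the result."""
    path = target.split("?", 1)[0]
    for _ in range(3):                      # bounded; real paths decode in 1-2 rounds
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/{2,}", "/", path)
    return path.lower()


def is_setup_request(target: str, context_path: str = "") -> bool:
    """True if the request targets the /setup/ tree. context_path is the
    Confluence context path if one is configured (e.g. "/confluence")."""
    prefix = (context_path.rstrip("/") + "/setup/").lower()
    return normalize_path(target).startswith(prefix)


def find_setup_requests(log_text: str, context_path: str = "") -> list:
    """Return one dict per access-log record whose target hits /setup/*.
    The status is kept so the reader can tell a blocked request (403) from
    one that reached the application (e.g. 200 or 302)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                        # skip lines that are not access-log records
        if is_setup_request(m["target"], context_path):
            hits.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "target": m["target"], "status": int(m["status"]),
            })
    return hits


if __name__ == "__main__":
    for hit in find_setup_requests(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["target"]} -> {hit["status"]}')
```

Run it over the proxy's real access logs (read the file into `find_setup_requests`, passing the context path if Confluence is not served at the root). A 403 on a /setup/ request means the block answered; a 200 or 302 means the request reached Confluence, and that instance should be checked against the IoCs in the advisory. Reverse proxies differ in how they decode and case-fold paths before matching location rules, so a /setup/ block should be tested against the same encoded and doubled-slash variants rather than assumed to cover them.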
Patching should be top-of-mind; Atlassian is a known target for cyberattackers, as evidenced by the current zero-day exploitation, but there's also further precedent. In June 2022, Atlassian disclosed another critical zero-day vulnerability affecting Confluence Server and Data Center (CVE-2022-26134), this one a more typical remote code execution vulnerability. Proof-of-concept scripts and mass exploitation quickly followed the disclosure, peaking at 100,000 exploitation attempts daily.
