Atlassian Urges Patching Against Data Loss VulnerabilityExploit Goes Public But No Sign of Active Exploitation
Atlassian added new urgency Thursday to a warning that customers with on-premises Confluence servers should patch immediately to protect against a vulnerability that attackers could exploit to destroy data. A publicly available exploit now exists for the vulnerability, disclosed Tuesday and tracked as CVE-2023-22518, the company disclosed.
The content collaboration and management workspace developer said it has not seen reports of active exploitation, "though customers must take immediate action to protect their instances."
The flaw affects all versions of Atlassian Confluence Data Center and Confluence Server software. Attackers could use the vulnerability to cause loss of data but not to exfiltrate data.
This marks the second time this month Atlassian Confluence administrators have been told to urgently patch. Apparent nation-state hackers exploited a zero-day in the collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, the company disclosed Oct. 4 (see: Attackers Exploiting Atlassian Confluence Software Zero-Day).
The U.S. Cybersecurity and Infrastructure Security Agency on Thursday urged administrators to either upgrade their software immediately or apply mitigation measures. These measures include creating backups of unpatched instances and restricting internet access to unpatched servers until they can be updated.
Atlassian cautioned that "mitigation actions are limited and not a replacement for patching your instance; you must patch as soon as possible."
Daniel Miessler, founder of Unsupervised Learning and former head of business intelligence of information security at Apple, called the latest advisory "interesting" because usually similar vulnerabilities allow attackers to read but not to delete. "This one appears to be the opposite. That being said, we should expect those attacks to be starting now if they haven't been going on for a while already," he tweeted.
The company said that Atlassian Cloud sites accessed through an
atlassian.net domain are unaffected by the vulnerability.