CISA Warns of Actively Exploited Atlassian Confluence Security Flaw

On November 7, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) warned network administrators to immediately patch their Atlassian Confluence Data Center and Server installations against a critical severity flaw that is actively being exploited in attacks.

Tracked as CVE-2023-22518, this critical improper authorization vulnerability affects all Confluence Data Center and Server versions (Atlassian Cloud sites are not affected) and allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. The flaw lies in the XML backup restore functionality, which is reachable without logging in: restoring a crafted backup replaces the instance's data, which is why Atlassian warned of significant data loss. Using the resulting administrator account, an attacker can then perform every action available to Confluence instance administrators, leading to a full loss of confidentiality, integrity, and availability.
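The restore functionality is served from the /json/setup-restore* endpoints, which Atlassian's advisory tells customers who cannot patch to block. The script below, an added example that is not part of the original article or of Atlassian's own tooling, hunts for requests to those endpoints in Confluence's Tomcat-style access log. The log lines are constructed for the example (RFC 5737 test addresses, made-up timestamps), and the log layout is assumed to be the common combined format; adjust the regex if your conf_access_log pattern differs.

```python
import re
from dataclasses import dataclass

# Endpoints named in Atlassian's interim-mitigation guidance for CVE-2023-22518
# (customers who cannot patch are told to block /json/setup-restore* at the edge).
RESTORE_ENDPOINTS = (
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
)

# Combined-log layout: client, ident, user, timestamp, request line, status, size.
# Assumption: Confluence's Tomcat access log is configured in this shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

@dataclass(frozen=True)
class Hit:
    ip: str
    ts: str
    user: str
    method: str
    path: str      # query string stripped
    status: int

def find_setup_restore_hits(lines):
    """Return every parsed request that reached one of the restore endpoints.

    Matching uses endswith so an instance under a context path
    (e.g. /confluence/json/...) is caught too. Unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if not path.endswith(RESTORE_ENDPOINTS):
            continue
        hits.append(Hit(m["ip"], m["ts"], m["user"], m["method"], path, int(m["status"])))
    return hits

def sources_with_success(hits):
    """Clients whose request to a restore endpoint got a non-error answer.

    A 401/403 is most likely a blocked scanner; a 2xx/3xx answer, especially on a
    POST to setup-restore.action, is the case to escalate."""
    return sorted({h.ip for h in hits if h.status < 400})

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2023:10:21:03 +0000] "POST /json/setup-restore.action?synchronous=true HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.7 - - [05/Nov/2023:10:21:09 +0000] "GET /json/setup-restore-progress.action HTTP/1.1" 200 211 "-" "python-requests/2.31"',
    '198.51.100.4 - - [05/Nov/2023:10:22:00 +0000] "GET /confluence/json/setup-restore-local.action HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '10.0.0.12 - alice [05/Nov/2023:10:23:14 +0000] "GET /rest/api/content?limit=25 HTTP/1.1" 200 4098 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    hits = find_setup_restore_hits(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ts} {h.ip} {h.method} {h.path} -> {h.status}")
    print("escalate:", sources_with_success(hits))
```

Legitimate administrators do use the restore page, so a hit is a lead rather than a verdict: check whether the source address belongs to a known admin, and whether the request was a POST that succeeded.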

Atlassian published its advisory and security updates on Tuesday, October 31, urging customers to patch immediately and warning that unpatched instances risk significant data loss. “The threat landscape is as unforgiving as it is unpredictable,” stated Bala Sathiamurthy, Atlassian’s Chief Information Security Officer. “Without immediate remediation, our customers stand on the precipice of significant data loss.”

According to data from ShadowServer, a threat monitoring service, more than 24,000 Confluence instances are currently exposed online.

Over the weekend, GreyNoise, a threat intelligence company, reported the first signs of widespread exploitation: its sensors began picking up CVE-2023-22518 exploitation attempts on Sunday, November 5.

Rapid7 has likewise observed a surge in attacks against Atlassian Confluence servers. The activity looks coordinated rather than opportunistic, and it exploits not only the new CVE-2023-22518 but also CVE-2023-22515, the critical privilege escalation flaw in Confluence Data Center and Server that was itself exploited in the wild before Atlassian patched it in October.

Atlassian has released fixes in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1. Customers who cannot upgrade immediately should back up their instance and take it off the internet, or at a minimum block access to the /json/setup-restore* endpoints, until they can patch. Patching closes the hole but does not undo an existing compromise, so any instance that was reachable from the internet while unpatched should also be checked for unexpected administrator accounts and restored data. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, and Federal Civilian Executive Branch (FCEB) agencies have until November 28, 2023, to apply the patches.
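Because the fix landed in five separate release lines, "is my version patched?" is a per-line comparison rather than a single threshold. The helper below, an added example rather than anything Atlassian ships, maps a reported Confluence version onto the fixed versions listed above and, for a line that has no fix of its own (for example 7.13.x or 8.0.x), names the nearest fixed release to move to. The inventory is constructed for the example, and the code assumes that release lines newer than 8.6 were cut after the fix and therefore include it.

```python
# Fixed versions from Atlassian's advisory for CVE-2023-22518, keyed by release line.
FIXED_BY_LINE = {
    (7, 19): (7, 19, 16),
    (8, 3): (8, 3, 4),
    (8, 4): (8, 4, 4),
    (8, 5): (8, 5, 3),
    (8, 6): (8, 6, 1),
}

def parse_version(text):
    """'8.5.2' -> (8, 5, 2). Drops a trailing qualifier such as '8.5.2-beta'."""
    core = text.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))

def fmt(version):
    return ".".join(str(p) for p in version)

def assess(version):
    """Return (state, recommended_version).

    state is 'patched' or 'vulnerable'; recommended_version is the nearest fixed
    release the instance should move to, or None when already patched."""
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_BY_LINE:
        fixed = FIXED_BY_LINE[line]
        return ("patched", None) if v >= fixed else ("vulnerable", fmt(fixed))
    # Assumption: lines newer than 8.6 were released after the fix and ship with it.
    if line > (8, 6):
        return ("patched", None)
    # Older line with no fix of its own: move up to the nearest fixed release above it.
    target = min(f for f in FIXED_BY_LINE.values() if f > v)
    return ("vulnerable", fmt(target))

def triage(inventory):
    """inventory: {hostname: version string}. Returns hosts still needing a patch
    mapped to the version they should upgrade to."""
    result = {}
    for host, ver in inventory.items():
        state, target = assess(ver)
        if state == "vulnerable":
            result[host] = target
    return result

# Constructed inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "wiki-prod": "8.5.2",
    "wiki-staging": "8.5.3",
    "wiki-legacy": "7.13.0",
    "wiki-eu": "8.0.4",
    "wiki-new": "8.7.0",
}

if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: vulnerable, upgrade to {target}")
```

The version string is whatever your inventory records for each host; Confluence prints it in the page footer and in the admin console, so the helper only needs that string, not network access to the instance.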