CVE-2023-22515

critical

Description

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

From the Tenable Blog

CVE-2023-22515: Zero-Day Vulnerability in Atlassian Confluence Data Center and Server Exploited in the Wild

Published: 2023-10-04

A critical zero-day vulnerability in Atlassian Confluence Data Center and Server has been exploited in the wild in a limited number of cases. Organizations should patch or apply the mitigation steps as soon as possible.

References

https://www.securityweek.com/citrix-cisco-fortinet-zero-days-among-2023s-most-exploited-vulnerabilities/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a

https://www.tenable.com/blog/cve-2023-22527-atlassian-confluence-data-center-and-server-template-injection-exploited-in-the

https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial

https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html?&web_view=true

https://www.tenable.com/blog/cve-2023-22518-critical-atlassian-confluence-data-center-and-server-improper-authorization

https://www.securityweek.com/microsoft-blames-nation-state-threat-actor-for-confluence-zero-day-attacks/

https://www.tenable.com/blog/cve-2023-22515-zero-day-vulnerability-in-atlassian-confluence-data-center-and-server-exploited

https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

https://jira.atlassian.com/browse/CONFSERVER-92475

https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276

https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515

http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2023-10-04

Updated: 2024-09-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical