Known Exploited Vulnerability - Atlassian Patches Critical Confluence Zero-Day - 20231006001

Overview

Atlassian has released a critical security advisory regarding reports of external attackers exploiting a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE.

What is the vulnerability?

• CVE-2023-22515 - CVSS v3 Base Score: 10

What is vulnerable?

The vulnerability affects the following products:

• Confluence Data Center and Confluence Server
  • 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • 8.1.0, 8.1.1, 8.1.3, 8.1.4
  • 8.2.0, 8.2.1, 8.2.2, 8.2.3
  • 8.3.0, 8.3.1, 8.3.2
  • 8.4.0, 8.4.1, 8.4.2
  • 8.5.0, 8.5.1

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions and mitigations as per vendor instructions to all affected devices within expected timeframe of 46 Hours... (refer Patch Management):

• https://confluence.atlassian.com/security/cve-2023-22515-broken-access-control-vulnerability-in-confluence-data-center-and-server-1295682276.html