Governance & Risk Management , Patch Management

Atlassian Urges Patching Against Data Loss Vulnerability

Exploit Goes Public But No Sign of Active Exploitation
Atlassian Urges Patching Against Data Loss Vulnerability
Atlassian is urging Confluence customers to patch against a vulnerability that could cause data destruction. (Image: Shutterstock)

Atlassian added new urgency Thursday to a warning that customers with on-premises Confluence servers should patch immediately to protect against a vulnerability that attackers could exploit to destroy data. A publicly available exploit now exists for the vulnerability, disclosed Tuesday and tracked as CVE-2023-22518, the company disclosed.

See Also: Cyber Hygiene and Asset Management Perception vs. Reality

The content collaboration and management workspace developer said it has not seen reports of active exploitation, "though customers must take immediate action to protect their instances."

The flaw affects all versions of Atlassian Confluence Data Center and Confluence Server software. Attackers could use the vulnerability to cause loss of data but not to exfiltrate data.

This marks the second time this month Atlassian Confluence administrators have been told to urgently patch. Apparent nation-state hackers exploited a zero-day in the collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, the company disclosed Oct. 4 (see: Attackers Exploiting Atlassian Confluence Software Zero-Day).

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday urged administrators to either upgrade their software immediately or apply mitigation measures. These measures include creating backups of unpatched instances and restricting internet access to unpatched servers until they can be updated.

Atlassian cautioned that "mitigation actions are limited and not a replacement for patching your instance; you must patch as soon as possible."

Daniel Miessler, founder of Unsupervised Learning and former head of business intelligence of information security at Apple, called the latest advisory "interesting" because usually similar vulnerabilities allow attackers to read but not to delete. "This one appears to be the opposite. That being said, we should expect those attacks to be starting now if they haven't been going on for a while already," he tweeted.

The company said that Atlassian Cloud sites accessed through an atlassian.net domain are unaffected by the vulnerability.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.