The Australian Cyber Security Centre (ACSC) has discovered two vulnerabilities affecting Atlassian’s Confluence Data Center and Server, leading it to issue a critical alert.
The alert said that the two vulnerabilities – CVE-2023-22515 and CVE-2023-22518 – may leave businesses significantly exposed within Australia, and the exploitation of the vulnerabilities would have a detrimental impact on compromised organisations.
The Australian software company’s Confluence Data Center is a platform that allows work teams to collaborate easily, with businesses able to customise the platform’s environment to suit their needs with different apps, integrations and APIs.
❗ ALERT ❗ Multiple vulnerabilities found in Atlassian’s Confluence Data Center & Server product (CVE-2023-22515 & CVE-2023-22518).
Organisations should monitor for unauthorised access & apply patches as a matter of urgency. More details & advice 👉 https://t.co/00yk8ETwQX
— Australian Cyber Security Centre (@CyberGovAU), November 1, 2023
Malicious actors exploiting CVE-2023-22515 would be able to create administrator accounts within the Confluence Data Center without authorisation. The ACSC has said it has also detected active exploitation of this vulnerability in the wild.
Atlassian has said that it has “evidence to suggest that a known nation-state actor is actively exploiting CVE-2023-22515” and that it has launched an investigation alongside its customers and partners.
The company has rated the vulnerability’s severity as critical, with a CVSS score of 10.0, the highest rating on the scale.
The other vulnerability, CVE-2023-22518, would allow a threat actor to “cause significant data loss on the vulnerable instance”, according to the ACSC.
While there is no evidence that this vulnerability has been exploited, Atlassian has rated its severity at CVSS 9.1.
“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker,” said chief information security officer (CISO) for Atlassian, Bala Sathiamurthy.
“There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances.”
All versions of Atlassian’s Confluence Data Center and Server are at risk of exploitation, and both the ACSC and Atlassian have advised that all users of the software upgrade to a fixed version and run threat detection to search for instances of exposure.
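As an added illustration of the monitoring the alert calls for (it is not code from the ACSC or Atlassian), the check below compares an export of Confluence administrator accounts against an approved baseline and flags any admin account that is unknown or was created recently, the kind of unauthorised account creation described for CVE-2023-22515. The export format, usernames and dates are constructed for the example; the group name confluence-administrators is Confluence’s default administrators group.

```python
"""Flag unexpected Confluence administrator accounts against an approved baseline.

Added example, not from the ACSC alert or Atlassian. The JSON-lines layout below
is constructed for illustration and does not mirror any real Confluence export.
"""
import json
from datetime import datetime, timezone

ADMIN_GROUP = "confluence-administrators"  # Confluence's default admin group

# Constructed sample export: one JSON object per account (hypothetical fields).
SAMPLE_EXPORT = """\
{"username": "alice", "created": "2022-03-04T09:12:00Z", "groups": ["confluence-administrators", "confluence-users"]}
{"username": "svc-backup", "created": "2021-11-20T08:00:00Z", "groups": ["confluence-administrators"]}
{"username": "bob", "created": "2023-10-06T02:41:00Z", "groups": ["confluence-users"]}
{"username": "setup-admin7", "created": "2023-10-06T02:43:00Z", "groups": ["confluence-administrators"]}
"""

# Constructed baseline: admins the organisation has explicitly approved.
APPROVED_ADMINS = {"alice", "svc-backup"}


def parse_export(text):
    """Parse JSON-lines export into (username, created_utc, groups) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        created = datetime.fromisoformat(obj["created"].replace("Z", "+00:00"))
        records.append((obj["username"], created, tuple(obj["groups"])))
    return records


def find_unexpected_admins(records, approved, review_after):
    """Return {username: [reasons]} for admin accounts that need review.

    An account is reported if it holds the admin group and is either absent
    from the approved baseline or was created at/after `review_after`.
    """
    findings = {}
    for username, created, groups in records:
        if ADMIN_GROUP not in groups:
            continue
        reasons = []
        if username not in approved:
            reasons.append("not in approved admin baseline")
        if created >= review_after:
            reasons.append("created inside the review window")
        if reasons:
            findings[username] = reasons
    return findings


def audit_sample():
    """Run the check over the constructed export with a review window from 2023-10-01."""
    window_start = datetime(2023, 10, 1, tzinfo=timezone.utc)
    return find_unexpected_admins(parse_export(SAMPLE_EXPORT), APPROVED_ADMINS, window_start)


if __name__ == "__main__":
    for user, reasons in audit_sample().items():
        print(f"REVIEW {user}: {'; '.join(reasons)}")
```

In practice the export would come from the instance’s user administration or audit log, and the review window would start at the earliest date the instance could have been exposed.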