Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker."
Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of an "improper authorization vulnerability."
All versions of Confluence Data Center and Server are vulnerable to the bug, and it has been addressed in the following versions:
- 7.19.16 or later
- 8.3.4 or later
- 8.4.4 or later
- 8.5.3 or later, and
- 8.6.1 or later
That said, the Australian company emphasized that "there is no impact to confidentiality as an attacker cannot exfiltrate any instance data."
No other details about the flaw or the exact method by which an adversary could take advantage of it have been made available, likely because doing so could allow threat actors to devise an exploit.
Atlassian is also urging customers to take immediate action to secure their instances, recommending that those accessible from the public internet be disconnected until a patch can be applied.
What's more, those running versions that are outside the support window are advised to upgrade to a fixed version. Atlassian Cloud sites are not affected by the issue.
While there is no evidence of active exploitation in the wild, previously disclosed shortcomings in the software, including the recently publicized CVE-2023-22515, have been weaponized by threat actors.
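The fixed-version list above is easy to misread when an instance sits on a branch that never received a patch (for example 8.0 through 8.2, or 7.x below 7.19). The following check, added here as an illustration and not code from Atlassian or the article, classifies an installed version against the advisory; the host inventory is constructed, and it assumes that feature releases newer than 8.6 carry the fix.

```python
from typing import Dict, Tuple

# Fixed releases named in Atlassian's advisory for CVE-2023-22518 (from the article above).
FIXED_VERSIONS = ["7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1"]

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '8.5.3' into (8, 5, 3); reject anything that is not major.minor.patch."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Confluence version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> str:
    """Classify one Confluence Data Center/Server version against the advisory.

    Returns one of:
      'fixed'                     -- at or above the fixed release of its branch
      'upgrade to <x.y.z>'        -- the branch has a fixed release; patch within it
      'upgrade to a fixed branch' -- no fixed release exists for this branch
    """
    v = parse_version(version_text)
    fixed = [parse_version(f) for f in FIXED_VERSIONS]
    # First look for a fixed release on the same feature branch (major.minor).
    for f in fixed:
        if f[:2] == v[:2]:
            return "fixed" if v >= f else "upgrade to " + ".".join(map(str, f))
    # Assumption (not stated in the article): feature releases newer than the
    # latest listed branch (8.6) ship with the fix already included.
    if v[:2] > max(f[:2] for f in fixed):
        return "fixed"
    # Out-of-support branches such as 8.0-8.2 or 7.18 have no in-branch patch.
    return "upgrade to a fixed branch"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in an inventory (hostname -> version) to its advisory status."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {"wiki-prod": "8.5.2", "wiki-legacy": "8.2.0", "wiki-test": "8.6.1"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```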
Some parts of this article are sourced from:
thehackernews.com