Enterprise software maker Atlassian on Monday urged all Confluence Data Center and Server customers to patch their instances against a critical-severity vulnerability that can be exploited without authentication.
The security defect, tracked as CVE-2023-22518 (CVSS score of 9.1), is described as an improper authorization bug that affects all Confluence versions.
While it did not share technical details on the flaw in its advisory, Atlassian instead drew attention to the high impact successful exploitation would have.
“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker,” Atlassian CISO Bala Sathiamurthy notes.
“There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances,” Sathiamurthy continues.
According to Atlassian, the vulnerability has no impact on confidentiality, as no data exfiltration can occur from exploiting it.
The issue has been addressed with the release of Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.
Customers who are unable to apply the patches are advised to back up their instances and block internet access to them until they can be patched.
“Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch,” Atlassian notes.
The company also notes that, as per its policy regarding critical vulnerabilities, the patches will be backported, and that new maintenance releases for all versions covered by the policy will become available.
“Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue,” the software maker notes.