Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

Enterprise software maker Atlassian on Monday urged all Confluence Data Center and Server customers to patch their instances against a critical-severity vulnerability that can be exploited without authentication.

The security defect, tracked as CVE-2023-22518 (CVSS score of 9.1), is described as an improper authorization bug that affects all Confluence versions.

While it did not share technical details on the flaw in its advisory, Atlassian instead drew attention to the high impact successful exploitation would have.

“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker,” Atlassian CISO Bala Sathiamurthy notes.

“There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances,” Sathiamurthy continues.

According to Atlassian, the vulnerability has no impact on confidentiality, as no data exfiltration can occur from exploiting it.

The issue has been addressed with the release of Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

Customers that are unable to apply the patches are advised to back up their instances and block internet access to them until they can be patched.

“Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch,” Atlassian notes.

The company also notes that, as per its policy regarding critical vulnerabilities, the patches will be backported, and that new maintenance releases for all versions covered by the policy will become available.

“Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue,” the software maker notes.
