Atlassian has warned of a vital security flaw in Confluence Data Middle and Server that might lead to “vital knowledge loss if exploited by an unauthenticated attacker.”
Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a most of 10 on the CVSS scoring system. It has been described for instance of “improper authorization vulnerability.”
All variations of Confluence Data Middle and Server are prone to the bug, and it has been addressed within the following variations –
- 7.19.16 or later
- 8.3.4 or later
- 8.4.4 or later
- 8.5.3 or later, and
- 8.6.1 or later
That stated, the Australian firm emphasised that “there is no such thing as a affect to confidentiality as an attacker can’t exfiltrate any occasion knowledge.”
No different particulars concerning the flaw and the precise methodology by which an adversary can reap the benefits of it have been made accessible, seemingly owing to the truth that doing so might allow menace actors to plot an exploit.
Atlassian can also be urging clients to take fast motion to safe their situations, recommending these which might be accessible to the general public web be disconnected till a patch could be utilized.
What’s extra, customers who’re operating variations which might be outdoors of the assist window are suggested to improve to a hard and fast model. Atlassian Cloud websites aren’t affected by the difficulty.
Whereas there is no such thing as a proof of energetic exploitation within the wild, beforehand found shortcomings within the software program, together with the just lately publicized CVE-2023-22515, have been weaponized by menace actors.
