Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure.

Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on vulnerable installations.

The shortcoming affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5.

But merely days after the flaw became public knowledge, nearly 40,000 exploitation attempts targeting CVE-2023-22527 have been recorded in the wild as early as January 19 from more than 600 unique IP addresses, according to both the Shadowserver Foundation and the DFIR Report.

The activity is currently limited to “testing callback attempts and ‘whoami’ execution,” suggesting that threat actors are opportunistically scanning for vulnerable servers for follow-on exploitation.

A majority of the attacker IP addresses are from Russia (22,674), followed by Singapore, Hong Kong, the U.S., China, India, Brazil, Taiwan, Japan, and Ecuador.

Over 11,000 Atlassian instances have been found to be accessible over the internet as of January 21, 2024, although it is currently not known how many of them are vulnerable to CVE-2023-22527.

“CVE-2023-22527 is a crucial vulnerability inside Atlassian’s Confluence Server and Data Center,” ProjectDiscovery researchers Rahul Maini and Harsh Jaiswal said in a technical analysis of the flaw.

“This vulnerability has the potential to allow unauthenticated attackers to inject OGNL expressions into the Confluence instance, thereby enabling the execution of arbitrary code and system instructions.”
