
US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

US cybersecurity agency CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are warning organizations of potential widespread exploitation of a recent zero-day vulnerability in Atlassian Confluence Data Center and Server.

Tracked as CVE-2023-22515 (CVSS score of 9.8), the bug has been exploited by a nation-state threat actor since September 14, roughly two weeks before Atlassian released patches for it.

Remotely exploitable without authentication, the flaw is described as a broken access control issue leading to privilege escalation. The issue affects on-premises Confluence instances only.

“This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator accounts,” CISA, FBI, and MS-ISAC note in an advisory (PDF).

Because it allows threat actors to modify critical configuration settings, the flaw may be used for more malicious actions than the creation of administrative accounts, the advisory reads.


“Threat actors can change the Confluence server’s configuration to indicate the setup is not complete and use the /setup/setupadministrator.action endpoint to create a new administrator user. The vulnerability is triggered via a request on the unauthenticated /server-info.action endpoint,” the three agencies say.

CISA added CVE-2023-22515 to its Known Exploited Vulnerabilities catalog on October 5 and warns that, following the publication of proof-of-concept (PoC) exploit code, multiple threat actors have started targeting the flaw in attacks.

“Due to the ease of exploitation, CISA, FBI, and MS-ISAC expect to see widespread exploitation of unpatched Confluence instances in government and private networks,” the advisory continues.

The vulnerability affects Confluence Data Center and Server versions 8.0.0 to 8.5.1 and has been addressed with the release of versions 8.3.3, 8.4.3, and 8.5.2 of the product.

Organizations with internet-accessible Confluence Data Center and Server instances are advised to update to a patched release as soon as possible. They should also consider restricting network access until the updates are applied.


In their advisory, CISA, FBI, and MS-ISAC have included details on the exploitation of CVE-2023-22515, as well as indicators of compromise (IoCs) to help organizations hunt for malicious activity associated with the bug’s exploitation.

“CISA, FBI, and MS-ISAC strongly encourage network administrators to immediately apply the upgrades provided by Atlassian. CISA, FBI, and MS-ISAC also encourage organizations to hunt for malicious activity on their networks using the detection signatures and indicators of compromise (IOCs),” the US government agencies note.
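To illustrate the kind of hunt the agencies recommend, the following added example (not code from the advisory or from Atlassian) scans Confluence access-log lines for the two endpoints named above: any request to /setup/setupadministrator.action on an already-configured production instance, and whether the same source address hit /server-info.action beforehand. The log layout and the sample lines are constructed assumptions; adapt the regex to your reverse proxy's format.

```python
import re
from collections import defaultdict

# Assumed common/combined access-log layout: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Endpoints quoted from the joint advisory. A configured production instance has no
# legitimate reason to serve a request to the setup-administrator endpoint.
SETUP_ADMIN = "/setup/setupadministrator.action"
SERVER_INFO = "/server-info.action"

def parse_line(line):
    """Return the parsed fields, or None for lines that do not match the layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string and any trailing slash; endswith() below also tolerates
    # a context path such as /confluence in front of the endpoint.
    rec["path"] = rec["path"].split("?", 1)[0].rstrip("/").lower()
    return rec

def hunt(lines):
    """One finding per setup-administrator request, noting whether the same source
    address requested /server-info.action earlier in the log (the trigger described
    in the advisory)."""
    server_info_hits = defaultdict(list)  # ip -> timestamps of /server-info.action
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].endswith(SERVER_INFO):
            server_info_hits[rec["ip"]].append(rec["ts"])
        elif rec["path"].endswith(SETUP_ADMIN):
            findings.append({
                "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                "preceded_by_server_info": bool(server_info_hits[rec["ip"]]),
            })
    return findings

# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Sep/2023:10:02:11 +0000] "GET /server-info.action HTTP/1.1" 302 0',
    '203.0.113.7 - - [14/Sep/2023:10:02:13 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0',
    '198.51.100.4 - - [14/Sep/2023:10:05:00 +0000] "GET /wiki/spaces/DOCS HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f)
```

Treat any hit as a reason to pull the full IoC list from the advisory and review the instance's administrator accounts, not as proof of compromise on its own.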
