Atlassian Finds Public Exploit for Critical Bug
Software vendor Atlassian has discovered “publicly posted critical information” about a recently published critical vulnerability, increasing the likelihood it will be exploited in the wild.
A brief update by the Australian developer on Thursday said its discovery had come during “ongoing monitoring” of the vulnerability in the popular Confluence workspace tool.
“There are still no reports of an active exploit, though customers must take immediate action to protect their instances,” it urged.
The software flaw (CVE-2023-22518) is listed as an improper authorization vulnerability affecting all versions of Confluence Data Center and Server, although Atlassian Cloud sites accessed via atlassian.net are unaffected.
The bug has a CVSS score of 9.1, which should single it out as a priority to patch for any sysadmin managing the software in their organization.
Although the vulnerability does not enable an attacker to exfiltrate corporate data, it could allow an attacker to wipe any data they find in affected Confluence environments.
Atlassian CISO, Bala Sathiamurthy, warned that exploitation by an unauthenticated attacker could lead to “significant data loss.”
If organizations are unable to patch, they are encouraged to:
- Back up their instance
- Remove the instance from the internet until patching is possible, including instances that require user authentication
- Apply the listed measures to block access to three key endpoints
Atlassian has become an increasingly popular target for attacks in recent years as users flock to its Confluence product for remote collaboration.
In August 2022, threat actors were discovered exploiting CVE-2022-26134 in the product to deploy a novel backdoor against multiple unnamed organizations.
In October, US agencies urged customers to patch a critical broken authentication & session management bug (CVE-2023-22515) in Confluence Data Center and Server. They warned of active exploitation in the wild by Chinese threat group Storm-0062.