
Security alert for Atlassian: the escalation of a critical risk

Warning about the consequences of exploits on Atlassian: an urgent call to strengthen defenses

Warning: a serious vulnerability (CVE-2023-22518), rated at the maximum risk level, has been discovered in Atlassian Confluence Server and Data Center. An urgent update is recommended to prevent ransomware attacks.


Following a series of ransomware attacks targeting outdated Atlassian Confluence Data Center and Server installations, the risk rating of the known vulnerability has been raised. Originally assigned a Common Vulnerability Scoring System (CVSS) score of 9.1, it was then increased to the maximum possible score of 10. Atlassian Confluence Cloud instances remain unaffected by this issue at this time.

Vulnerability details and severity

The security issue, tracked as CVE-2023-22518, was exacerbated by an expansion in the attack method, as reported in Atlassian's recent statement. The research organization Rapid7 also released a report signaling a resurgence of attacks, which began last weekend. Atlassian business software is widely used for software development and collaboration.

Implications of the security flaw

The vulnerability would allow an unauthenticated attacker to reset the Confluence instance and create an administrator account. With this account, the attacker would be able to perform all administrative operations available to an administrator of the Confluence instance. This would result in a complete breach of the confidentiality, integrity and availability of the systems involved.

Attack symptoms and safety recommendations

Atlassian cannot currently quantify the extent of the impact, but it reports the following indicators of compromise: loss of access or login credentials; suspicious requests to the /json/setup-restore* addresses in the network logs; installation of unrecognized plugins (the "web.shell.Plugin" was reported among them); encrypted or corrupted data; unexpected additions to the Confluence administrators group; and creation of new unauthorized user accounts.
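As an added example (not Atlassian's or this article's own code), the following script scans web access logs for the /json/setup-restore* request indicator listed above. The common-log layout, the optional context-path prefix, the endpoint suffixes and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined access-log layout (assumed; adjust to your proxy or Tomcat valve).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Path indicator from the article: /json/setup-restore*
# An optional leading context path (e.g. /confluence) is allowed as an assumption.
IOC_RE = re.compile(r'^(?:/[^/]+)?/json/setup-restore', re.IGNORECASE)


def find_setup_restore_hits(lines):
    """Return one dict per log line whose request path matches the indicator."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Drop the query string and percent-decode so encoded paths still match.
        path = unquote(urlsplit(m["target"]).path)
        if IOC_RE.match(path):
            hits.append({
                "line": lineno, "ip": m["ip"], "time": m["ts"],
                "method": m["method"], "path": path,
                "status": int(m["status"]),
            })
    return hits


# Constructed sample lines (documentation IP ranges, made-up suffixes; not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Nov/2023:02:14:09 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.44 - - [05/Nov/2023:02:15:31 +0000] "POST /json/setup-restore-sample1 HTTP/1.1" 200 312
203.0.113.44 - - [05/Nov/2023:02:15:40 +0000] "POST /confluence/json/setup-restore-sample2?x=1 HTTP/1.1" 403 0
198.51.100.7 - - [05/Nov/2023:02:16:02 +0000] "GET /json/other-endpoint HTTP/1.1" 200 48
203.0.113.44 - - [05/Nov/2023:02:16:55 +0000] "POST /json/%73etup-restore-sample3 HTTP/1.1" 302 0
""".splitlines()

if __name__ == "__main__":
    for hit in find_setup_restore_hits(SAMPLE_LOG):
        print("{time} {ip} {method} {path} -> {status}".format(**hit))
```

A hit shows only that the endpoint was requested; the status code and the other indicators in the list above (new administrator accounts, unrecognized plugins) help decide whether the instance needs deeper investigation.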


11/07/2023 20:05

Marco Verro
