
Security alert for Atlassian: the escalation of a critical risk

Warning about the consequences of exploits on Atlassian: an urgent call to strengthen defenses

Warning: a serious vulnerability (CVE-2023-22518), rated at the maximum risk level, has been discovered in Atlassian Confluence Server and Data Center. An urgent update is recommended to prevent ransomware attacks.


Following a series of ransomware attacks targeting outdated Atlassian Confluence Data Center and Server installations, the risk rating of the known vulnerability has been raised. Originally assigned a Common Vulnerability Scoring System (CVSS) score of 9.1, it was then increased to the maximum possible value of 10. Atlassian Confluence Cloud instances remain unaffected by this issue at this time.

Vulnerability details and severity

The vulnerability, tracked as CVE-2023-22518, became more serious after an expansion in the attack method, as reported in Atlassian's recent statement. The research organization Rapid7 also released a report signaling a resurgence of attacks, which began last weekend. Atlassian's business software is widely used for software development and collaboration.

Implications of the security flaw

The vulnerability allows an unauthenticated attacker to reset the Confluence instance and create an administrator account. With that account, the attacker can perform every administrative operation available to an administrator of the Confluence instance. The result is a complete loss of confidentiality, integrity and availability for the systems involved.

Attack symptoms and safety recommendations

Atlassian cannot currently quantify the extent of the impact, but it reports several indicators of compromise: loss of access or of login credentials; suspicious requests to the /json/setup-restore* addresses in the network logs; installation of unrecognized plugins, among which "web.shell.Plugin" was reported; encrypted or corrupted data; unexpected additions to the Confluence administrators group; and the creation of new, unauthorized user accounts.
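The request indicator listed above can be checked mechanically against web access logs. The following is an added example, not code from Atlassian or from this article: it assumes a combined-format access log, and the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: access log lines in the common "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
IOC_PATH = "/json/setup-restore"  # indicator path named in the article

def normalize_path(target):
    """Canonicalize a request target so percent-encoding, case, doubled
    slashes and dot segments do not hide the indicator path."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return {source_ip: [(timestamp, method, path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        path = normalize_path(m["target"])
        # Substring match: the instance may be deployed under a context path.
        if IOC_PATH in path:
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

def answered(hits):
    """Triage heuristic (assumption): sources that received a status below
    400 reached the endpoint and should be investigated first."""
    return sorted(ip for ip, rows in hits.items() if any(r[3] < 400 for r in rows))

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2023:03:12:44 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Nov/2023:03:12:51 +0000] "GET /confluence/json/setup%2Drestore-progress.action?x=1 HTTP/1.1" 200 88',
    '198.51.100.23 - - [05/Nov/2023:04:01:02 +0000] "GET //JSON/./setup-restore.action HTTP/1.1" 403 0',
    '192.0.2.10 - - [05/Nov/2023:04:05:00 +0000] "GET /dashboard.action HTTP/1.1" 200 1043',
    'malformed line',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip in answered(found):
        print(ip, found[ip])
```

A hit is only a starting point: correlate it with the other indicators listed above, such as new administrator accounts and unrecognized plugins.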


11/07/2023 20:05

Editorial AI
