
Security alert for Atlassian: the escalation of a critical risk

Warning about the consequences of exploits on Atlassian: an urgent call to strengthen defenses

Warning: A serious vulnerability (CVE-2023-22518) carrying the maximum risk rating has been discovered in Atlassian Confluence Server and Data Center. An urgent update is recommended to prevent ransomware attacks.


Following a series of ransomware attacks targeting outdated Atlassian Confluence Data Center and Server installations, the risk rating of the known vulnerability has been raised. Originally assigned a Common Vulnerability Scoring System (CVSS) score of 9.1, it was then increased to the maximum possible value of 10. Atlassian Confluence Cloud instances remain unaffected by this issue at this time.

Vulnerability details and severity

The vulnerability, tracked as CVE-2023-22518, became more serious after an expansion in the attack method, as reported in Atlassian's recent statement. The research organization Rapid7 also released a report signaling a resurgence of attacks, which began last weekend. Atlassian's business software is widely used for software development and collaboration.

Implications of the security flaw

The vulnerability allows an unauthenticated attacker to reset the Confluence instance and create an administrator account. With these credentials, the attacker can perform every operation available to an administrator of the Confluence instance. The result is a complete breach of the confidentiality, integrity and availability of the systems involved.

Attack symptoms and security recommendations

Atlassian cannot currently quantify the extent of the impact, but it reports the following indicators of compromise:

- loss of access or login credentials;
- suspicious requests to the /json/setup-restore* addresses in the network logs;
- installation of unrecognized plugins, among which "web.shell.Plugin" was reported;
- encrypted or corrupted data;
- unexpected additions to the Confluence administrators group;
- creation of new unauthorized user accounts.
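As an added example (not part of the original article and not Atlassian's own tooling), the following script checks web access logs for the /json/setup-restore* indicator listed above and ranks the clients that sent such requests. The log layout, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: common/combined access-log layout; adapt the regex to what your
# reverse proxy or Tomcat access-log valve actually writes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
IOC_PREFIX = "/json/setup-restore"  # indicator named in the article

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Nov/2023:03:12:44 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.50 - - [05/Nov/2023:03:14:02 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 311
192.0.2.10 - - [05/Nov/2023:03:16:00 +0000] "GET /confluence/json/setup-restore.action?src=1 HTTP/1.1" 403 0
198.51.100.7 - - [05/Nov/2023:03:17:30 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 20480
this line is not in access-log format
"""

def normalize_path(target):
    """Drop the query string, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/+", "/", path).lower()

def find_setup_restore_hits(log_text):
    """Return {client_ip: [(timestamp, method, path, status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        path = normalize_path(m["target"])
        if IOC_PREFIX in path:  # substring match also covers a context-path prefix
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

def triage(hits):
    """Order clients so those that received a non-error (<400) response come first."""
    def served(rows):
        return any(status < 400 for *_, status in rows)
    return sorted(hits, key=lambda ip: (not served(hits[ip]), ip))

if __name__ == "__main__":
    found = find_setup_restore_hits(SAMPLE_LOG)
    for ip in triage(found):
        print(ip, found[ip])
```

A hit is a lead for investigation, to be correlated with the other indicators in the list (new administrator accounts, unrecognized plugins), not proof of compromise on its own.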


11/07/2023 20:05

Editorial AI
