
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Cyber Security Threat Summary:
vulnerability in its Confluence Data Center and Server software. Tracked as CVE-2023-22515, the flaw relates to a case of privilege escalation. Although Atlassian did not specify the root cause of this flaw, the vulnerability could allow a regular user account to elevate to admin. The software vendor was made aware of an issue after receiving reports from its customers. According to Atlassian, external attackers may have exploited the vulnerability in “publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.”

Security Officer Comments:
CVE-2023-22515 impacts the following versions of Confluence Server and Data Center:

  • 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.3, 8.1.4, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.5.0, and 8.5.1

The flaw has been addressed in versions 8.3.3 or later, 8.4.3 or later, and 8.5.2 or later.

Versions prior to 8.0.0 are not affected. Furthermore, Atlassian states that its Confluence sites accessed via an atlassian.net domain are also not impacted.

Suggested Correction(s):
Besides applying patches, Atlassian says administrators can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

The company also recommends checking all affected Confluence instances for the following indicators of compromise:
  • unexpected members of the confluence-administrators group
  • unexpected newly created user accounts
  • requests to /setup/*.action in network access logs
  • presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory
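
The two log-based indicators above and the affected-version list can be checked with a short script. This is an added example, not code from Atlassian or from this site; the combined-style access log layout, the security log line layout and every sample line are assumptions constructed for illustration.

```python
import re

# Affected releases exactly as listed in the advisory text above.
AFFECTED = set(
    "8.0.0 8.0.1 8.0.2 8.0.3 8.0.4 8.1.0 8.1.1 8.1.3 8.1.4 8.2.0 8.2.1 "
    "8.2.2 8.2.3 8.3.0 8.3.1 8.3.2 8.4.0 8.4.1 8.4.2 8.5.0 8.5.1".split()
)
# Assumption: combined-style access log lines ('"METHOD path HTTP/x" status').
# An optional context path such as /wiki in front of /setup/ is allowed.
SETUP_REQUEST = re.compile(
    r'"[A-Z]+ (\S*?/setup/[^\s?"]*\.action)\S* HTTP/[\d.]+" (\d{3})', re.I
)
SETUP_ADMIN = "/setup/setupadministrator.action"

def is_affected(version):
    """True if the version is one of the releases the page lists as affected."""
    return version.strip() in AFFECTED

def scan_access_log(lines):
    """Return (line_no, path, status) for every request to /setup/*.action."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = SETUP_REQUEST.search(line)
        if match:
            hits.append((line_no, match.group(1), int(match.group(2))))
    return hits

def scan_security_log(lines):
    """Return line numbers in atlassian-confluence-security.log naming the endpoint."""
    return [n for n, line in enumerate(lines, 1) if SETUP_ADMIN in line.lower()]

# Constructed sample lines (documentation IP ranges), not taken from a real host.
SAMPLE_ACCESS = [
    '203.0.113.7 - - [05/Oct/2023:10:12:01 +0000] "GET /login.action HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Oct/2023:10:12:04 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 8311',
    '198.51.100.9 - - [05/Oct/2023:10:13:40 +0000] "GET /wiki/setup/example.action?x=1 HTTP/1.1" 302 0',
    '198.51.100.9 - - [05/Oct/2023:10:14:02 +0000] "GET /display/DOC/setup/notes HTTP/1.1" 200 900',
]
SAMPLE_SECURITY = [
    "2023-10-05 10:12:04,101 INFO [http-nio-8090-exec-3] login ok for user jdoe",
    "2023-10-05 10:12:05,550 ERROR [http-nio-8090-exec-4] exception while handling /setup/setupadministrator.action",
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS):
        print("access log:", hit)
    print("security log lines:", scan_security_log(SAMPLE_SECURITY))
    print("8.5.1 affected:", is_affected("8.5.1"))
```

A hit only shows that a setup endpoint was requested; the status code and the account and group checks in the list above decide whether it needs escalation.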
Link(s):
https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html