Critical flaws in Atlassian product being exploited: ACSC
The Australian Cyber Security Centre (ACSC) has urged Atlassian customers to take immediate action to address two critical vulnerabilities discovered in Atlassian’s Confluence Data Center and Server product.
The newly discovered vulnerabilities, CVE-2023-22515 and CVE-2023-22518, are being actively exploited, reports to the ACSC indicate.
The centre warned it has assessed that there is “potentially significant exposure to these vulnerabilities in Australia”, that “any future exploitation would have significant impact to Australian systems and networks”.
CVE-2023-22515 could allow any malicious actor to create unauthorised Confluence administrator accounts and access Confluence instances, according to Atlassian’s threat advisory. It affects Confluence Data Center and Confluence Server products between version 8.0.0 and 8.5.1.
Meanwhile, CVE-2023-22518 allows attackers to cause data loss on vulnerable instances. Atlassian CISO Bala Sathiamurthy said the company has discovered that customers running unpatched systems are vulnerable to significant data loss if exploited by an unauthorised attacker.
Customers running affected versions of the product should patch to a fixed version as a matter of urgency, according to ACSC.
If they are unable to patch immediately, Atlassian has recommended temporary mitigations including backing up instances, removing them from the internet until a patch is applied and monitoring for evidence of compromise such as the presence of newly created accounts or unexpected members of the ‘confluence-administrators’ group.
Nearly half of Australian companies opt to pay ransoms: report
A recent survey found that Australian ransom payments have decreased from 66% to 41% in the past...
Barracuda launches vulnerability detection tool
Barracuda Networks has introduced a new solution aimed at helping organisations uncover and...
The near future of analytics in the AI era
Gartner predicts that 75% of analytics content will use GenAI for enhanced contextual...