Critical flaws in Atlassian product being exploited: ACSC


By Dylan Bushell-Embling
Tuesday, 07 November, 2023

Critical flaws in Atlassian product being exploited: ACSC

The Australian Cyber Security Centre (ACSC) has urged Atlassian customers to take immediate action to address two critical vulnerabilities discovered in Atlassian’s Confluence Data Center and Server product.

The newly discovered vulnerabilities, CVE-2023-22515 and CVE-2023-22518, are being actively exploited, reports to the ACSC indicate.

The centre warned it has assessed that there is “potentially significant exposure to these vulnerabilities in Australia”, that “any future exploitation would have significant impact to Australian systems and networks”.

CVE-2023-22515 could allow any malicious actor to create unauthorised Confluence administrator accounts and access Confluence instances, according to Atlassian’s threat advisory. It affects Confluence Data Center and Confluence Server products between version 8.0.0 and 8.5.1.

Meanwhile, CVE-2023-22518 allows attackers to cause data loss on vulnerable instances. Atlassian CISO Bala Sathiamurthy said the company has discovered that customers running unpatched systems are vulnerable to significant data loss if exploited by an unauthorised attacker.

Customers running affected versions of the product should patch to a fixed version as a matter of urgency, according to ACSC.

If they are unable to patch immediately, Atlassian has recommended temporary mitigations including backing up instances, removing them from the internet until a patch is applied and monitoring for evidence of compromise such as the presence of newly created accounts or unexpected members of the ‘confluence-administrators’ group.

Image: iStockPhoto.com/Vertigo3d

Related News

Red Hat, IBM launch open source threat remediation tool

IBM and Red Hat have jointly launched an AI‍-‍powered solution for automating the...

Cloudflare launches superior CAPTCHA alternative

Cloudflare has launched into general availability a solution capable of continuously monitoring...

APAC workers in need of phishing training: report

A report from workforce security company KnowBe4 indicates that 1 in 3 Australian employees is...


  • All content Copyright © 2026 Westwick-Farrow Pty Ltd