Confluence: Critical vulnerability in outdated versions is being exploited

2024-01-22 16:26:00

There is a security hole in older versions of the Confluence wiki software that allows attackers to execute their own code remotely, thereby endangering the security of data and servers. Since the end of last week, criminals have been using automated tools to scan the Internet for vulnerable installations and attempting to take them over remotely.


The manufacturer informed its customers about the security gap last Tuesday, when it fixed it along with 27 others as part of the Atlassian patch day. CVE-2023-22527 (CVSS 10/10, severity critical) affects older versions of Confluence Server and Data Center, the editions of the wiki hosted by customers in their own data centers. As is usually the case with such security reports, Atlassian Cloud is not vulnerable.

However, anyone who still runs Confluence 8.0, 8.1, 8.2, 8.3 or 8.4 (at any patch level) or 8.5.0 to 8.5.3 in their infrastructure risks serious trouble. As the Shadowserver project reports on Mastodon, attackers are currently plowing through the internet from 600 different IP addresses looking for possible victims. A simple HTTP POST request is enough to exploit the vulnerability and take over the Confluence server. The IT security company Project Discovery provides a detailed technical analysis of the exploit and its causes.

An update to the latest version – at least 8.5.4 (LTS) for the Server and Data Center version, and 8.6.0 or 8.7.1 for the Confluence Data Center – fixes the error. If you cannot patch, you should immediately seal off or shut down your vulnerable Confluence – and check whether an attack may have already taken place. Atlassian provides further information on a FAQ page that answers the most pressing questions.
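As an added example (not part of the article and not an Atlassian tool), a small Python helper that triages an inventory of self-hosted Confluence instances against the affected and fixed version numbers quoted above; the hostnames in the sample inventory are constructed.

```python
import re

# Ranges as given in the article for CVE-2023-22527: Confluence Server / Data Center
# 8.0.x through 8.4.x (any patch level) and 8.5.0 through 8.5.3 are affected.
# Fixed releases named in the article: 8.5.4 (LTS), 8.6.0 and 8.7.1.
VULNERABLE_MINOR_SERIES = {0, 1, 2, 3, 4}   # 8.0 .. 8.4, every patch level
LAST_VULNERABLE_8_5_PATCH = 3                # 8.5.0 .. 8.5.3

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch) from a string such as '8.5.3' or '8.4'.
    A missing patch component counts as 0. Raises ValueError on junk input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")

def is_vulnerable(version):
    """True if the version lies inside the ranges the article lists as affected."""
    major, minor, patch = parse_version(version)
    if major != 8:
        return False
    if minor in VULNERABLE_MINOR_SERIES:
        return True
    if minor == 5:
        return patch <= LAST_VULNERABLE_8_5_PATCH
    return False

def triage(inventory):
    """Map each host in a {host: version} dict to a verdict string."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "VULNERABLE" if is_vulnerable(version) else "not affected"
        except ValueError:
            result[host] = "unparseable"   # needs a manual look, do not assume safe
    return result

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts
    sample = {"wiki-a.example.test": "8.5.3", "wiki-b.example.test": "8.5.4",
              "wiki-c.example.test": "8.2.0", "wiki-d.example.test": "7.19.17",
              "wiki-e.example.test": "8.7.1", "wiki-f.example.test": "n/a"}
    for host, verdict in triage(sample).items():
        print(f"{host:24} {sample[host]:8} {verdict}")
```

Hosts reported as unparseable should be checked by hand rather than treated as safe.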

(cku)
