More

    Atlassian’s Chief Information Security Officer cautions about a new vulnerability with potential for substantial data loss.

    Vulnerability Disclosure

    On 30th October 2023, Australian software giant Atlassian publicised a critical vulnerability, CVE-2023-22518, in their Confluence Data Center and Server offerings. The company’s Chief Information Security Officer, Bala Sathiamurthy, emphasised the urgency for clients to address this issue promptly. If exploited, significant data loss could ensue.

    Severity Assessment

    The vulnerability earned a CVSS (Common Vulnerability Scoring System) score of 9.1 out of a maximum of 10, marking it as a severe threat. It falls under the category of an “improper authorization vulnerability”. This flaw could allow an unauthenticated attacker to gain unauthorised access, potentially leading to major data loss. As of the advisory release on 31st October 2023, every version of Confluence Data Center and Server is susceptible, with no active exploitation reports.

    Remediation Measures

    Atlassian has released patches addressing this vulnerability in versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1 or later. For clients unable to install the patch immediately, the company advises backing up systems and temporarily disconnecting them from the internet. This step is crucial for publicly accessible instances, even those requiring user login.

    Previous Vulnerabilities

    Earlier this month, another vulnerability, CVE-2023-22515, drew Atlassian’s attention. This flaw enabled external threats to create unauthorised admin accounts and infiltrate Confluence setups. This incident highlights a recurring trend of critical vulnerabilities within Atlassian’s offerings.

    In 2021, a vulnerability targeted at Atlassian even topped the Cybersecurity and Infrastructure Security Agency’s (CISA) list of most exploited threats. This history underscores the importance of addressing security concerns promptly.

    Conclusion

    Atlassian urges clients to take immediate measures such as patch application or adopting suggested safety precautions. Doing so is essential to prevent potential data loss or unauthorised access, aligning with Atlassian’s commitment to customer and data security.

    Latest articles

    Related articles