Atlassian Releases Security Updates for Critical Vulnerabilities in Confluence Data Center and Confluence Server
Summary
The security update addresses one improper authorisation vulnerability and one broken access control vulnerability in Confluence Data Center and Confluence Server
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Atlassian has released a security update to address an improper authorisation vulnerability in Confluence Data Center and Server. The critical vulnerability, known as CVE-2023-22518, has a CVSSv3 score of 10 and can lead to significant data loss on affected Confluence instances if exploited by an unauthenticated attacker.
Atlassian has stated that there is no impact to confidentiality of information, as an attacker cannot use this vulnerability to exfiltrate any instance data.
Atlassian has also released security updates for a critical vulnerability assigned CVE-2023-22515 that is being actively exploited in the wild, including by nation-state actors. Details of this vulnerability have been addressed in CC-4390.
Actioning the remediations detailed in this cyber alert will address both vulnerabilities.
Atlassian has confirmed that Atlassian Cloud sites, and Confluence sites which are accessed via an atlassian.net domain, are not vulnerable to these issues.
Exploitation status of CVE-2023-22518 and CVE-2023-22515
Atlassian have reported that CVE-2023-22515 is being actively exploited in the wild, including by nation-state actors.
The US Cybersecurity and Infrastructure Security Agency (CISA) have added CVE-2023-22518 to their Known Exploited Vulnerability Catalog based on evidence of active exploitation in the wild.
Threat updates
| Date | Update |
|---|---|
| 8 Nov 2023 | Known Exploited Vulnerability Catalog and raised CVSS score: CVE-2023-22518 has had its CVSS score raised from 9.1 to 10, and has been added to CISA's Known Exploited Vulnerability Catalog. This cyber alert has been updated to reflect these changes. |
| 3 Nov 2023 | Elevated to High Severity Alert: Cyber Alert elevated to High Severity following public release of PoC code for CVE-2023-22518 and ongoing exploitation of CVE-2023-22515. This cyber alert has been updated to reflect these changes. |
Remediation advice
Affected organisations are required to review the Atlassian security advisory for CVE-2023-22518 and upgrade to a fixed version as soon as possible.
Any organisation that has maintained a Confluence instance affected by CVE-2023-22515 is required to follow the threat detection steps detailed in the CVE-2023-22515 advisory.
Remediation steps
| Type | Step |
|---|---|
| Patch | Review the advisory for CVE-2023-22518 and apply the relevant security updates as soon as possible: https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html |
| Action | Any organisation that has maintained a Confluence instance that is vulnerable to CVE-2023-22515 should follow the threat detection steps detailed in Atlassian's advisory for CVE-2023-22515. Atlassian advise searching for evidence of compromise, as detailed in the advisory: https://confluence.atlassian.com/security/cve-2023-22515-broken-access-control-vulnerability-in-confluence-data-center-and-server-1295682276.html |
| Action | If evidence of compromise is detected, organisations should report a cyberattack by calling 0300 303 5222 or emailing [email protected] |
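The Patch step above amounts to checking every self-hosted Confluence instance against the fixed versions in Atlassian's advisory, while cloud sites on atlassian.net are out of scope. The script below is an added example of how an organisation might triage an inventory that way; it is not part of this cyber alert or of Atlassian's advisory. The inventory entries are constructed sample hosts, and the fixed-version numbers are placeholders that must be replaced with the versions listed in the CVE-2023-22518 advisory before the script is used for anything real.

```python
"""Triage a Confluence inventory against per-release-line fixed versions.

Added example. The fixed versions below are PLACEHOLDERS, not the real
fixed versions for CVE-2023-22518; take those from Atlassian's advisory.
"""
import re
from urllib.parse import urlparse

# Constructed sample inventory (hypothetical hosts, not from the alert).
INVENTORY = [
    {"name": "wiki-prod", "url": "https://wiki.example.com", "version": "8.5.2"},
    {"name": "team-cloud", "url": "https://acme.atlassian.net/wiki", "version": ""},
    {"name": "wiki-legacy", "url": "https://old.example.com", "version": "7.19.15"},
    {"name": "wiki-lab", "url": "https://lab.example.com", "version": "8.6.0-rc1"},
]

# PLACEHOLDER fixed versions keyed by release line (major.minor).
# Replace with the fixed versions from Atlassian's advisory before use.
PLACEHOLDER_FIXED_VERSIONS = {
    "7.19": "7.19.16",
    "8.5": "8.5.3",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '8.5.2' or '8.6.0-rc1' into a tuple of ints that compares correctly."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_cloud(url: str) -> bool:
    """Sites served from an atlassian.net domain are Atlassian Cloud (not affected)."""
    host = (urlparse(url).hostname or "").lower()
    return host == "atlassian.net" or host.endswith(".atlassian.net")


def classify(url: str, version: str, fixed_versions: dict[str, str]) -> str:
    """Return one of: cloud, patched, upgrade, review.

    'review' means the instance runs a release line the fixed-version table
    does not cover (for example an end-of-life line), so it cannot be cleared
    automatically and must be checked against the advisory by hand.
    """
    if is_cloud(url):
        return "cloud"
    current = parse_version(version)
    line = ".".join(str(part) for part in current[:2])
    fixed = fixed_versions.get(line)
    if fixed is None:
        return "review"
    return "patched" if current >= parse_version(fixed) else "upgrade"


def triage(inventory: list[dict], fixed_versions: dict[str, str]) -> dict[str, str]:
    """Map each inventory entry's name to its patch status."""
    return {
        item["name"]: classify(item["url"], item["version"], fixed_versions)
        for item in inventory
    }


if __name__ == "__main__":
    for name, status in triage(INVENTORY, PLACEHOLDER_FIXED_VERSIONS).items():
        print(f"{name:12} {status}")
```

Comparing version tuples rather than strings matters here: "7.19.9" sorts after "7.19.16" as text but before it as numbers. Entries that come back as "review" should not be treated as safe; they are simply outside the table you supplied.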
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 9 November 2023 1:56 pm