Atlassian Warns of Critical Confluence Vulnerability Resulting in Data Loss


Just weeks after state-backed hackers targeted its products, Australian software giant Atlassian has warned of a critical security flaw that could result in "significant data loss" for customers. 

The company issued an advisory this week urging clients to patch against the vulnerability affecting on-premise versions of Atlassian Confluence Data Center and Server, a widely deployed collaborative wiki that enterprises use to manage and share work. The same product was recently the target of Chinese state-sponsored hackers, who compromised a "handful" of Atlassian customers by exploiting a separate vulnerability carrying the maximum 10.0 severity rating.

This most recent vulnerability has been classified as an "improper authorization vulnerability." It is tracked as CVE-2023-22518 and has received a rating of 9.1 out of 10 on the CVSS severity scale. According to Atlassian, "significant data loss if exploited by an unauthenticated attacker" could result from it.

There is "no impact to confidentiality as an attacker cannot exfiltrate any instance data," according to Atlassian, which stated that as of October 31, there had been no reports of active exploitation. Additionally, this vulnerability does not impact sites hosted on the Atlassian Cloud that are accessible through an atlassian.net domain. 

The Atlassian CISO, Bala Sathiamurthy, stated in the company's advisory that customers need to take “immediate action” to protect their instances even though the flaw isn’t being actively exploited yet. 

Immediate attention must be given to all publicly accessible instances of Confluence Data Center and Server, as they "are at critical risk." If administrators are unable to promptly upgrade to a fixed version, Atlassian has advised them to implement temporary mitigations.

"Until you can patch, instances that are accessible to the public internet, including those that require user authentication, should be restricted from accessing external networks," the company stated. 

The video messaging startup Loom is set to be acquired by Atlassian for $975 million, the company noted earlier this month. For its platform, particularly Jira and Confluence, the company stated that it believes Loom can be a helpful collaboration tool.