Critical Zero-Day Bug in Atlassian Confluence Under Active ExploitCritical Zero-Day Bug in Atlassian Confluence Under Active Exploit
Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.
October 6, 2023
A critical privilege-escalation vulnerability in Atlassian Confluence Server and Confluence Data Center has been disclosed, with evidence of exploitation in the wild as a zero-day bug.
The flaw (CVE-2023-22515) affects on-premises instances of the platforms, in versions 8.0.0 and after.
"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to Atlassian's advisory on CVE-2023-22515, released late on Oct. 4.
About the Author(s)
You May Also Like