Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit

Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.

Dark Reading, Staff & Contributors

October 6, 2023

1 Min Read
Andre Boukreev via Shutterstock

A critical privilege-escalation vulnerability in Atlassian Confluence Server and Confluence Data Center has been disclosed, with evidence of exploitation in the wild as a zero-day bug.

The flaw (CVE-2023-22515) affects on-premises instances of the platforms, in versions 8.0.0 and after.

"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," according to Atlassian's advisory on CVE-2023-22515, released late on Oct. 4.

Read the Full Article on Dark Reading

About the Author(s)

Dark Reading

Staff & Contributors

Dark Reading: Connecting The Information Security Community

Long one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights