Critical flaws in Atlassian product being exploited: ACSC

The Australian Cyber Security Centre (ACSC) has urged Atlassian customers to take immediate action to address two critical vulnerabilities discovered in Atlassian’s Confluence Data Center and Server product.

The newly discovered vulnerabilities, CVE-2023-22515 and CVE-2023-22518, are being actively exploited, reports to the ACSC indicate.

The centre warned it has assessed that there is “potentially significant exposure to these vulnerabilities in Australia”, that “any future exploitation would have significant impact to Australian systems and networks”.

CVE-2023-22515 could allow any malicious actor to create unauthorised Confluence administrator accounts and access Confluence instances, according to Atlassian’s threat advisory. It affects Confluence Data Center and Confluence Server products between version 8.0.0 and 8.5.1.

Meanwhile, CVE-2023-22518 allows attackers to cause data loss on vulnerable instances. Atlassian CISO Bala Sathiamurthy said the company has discovered that customers running unpatched systems are vulnerable to significant data loss if exploited by an unauthorised attacker.

Customers running affected versions of the product should patch to a fixed version as a matter of urgency, according to ACSC.

If they are unable to patch immediately, Atlassian has recommended temporary mitigations including backing up instances, removing them from the internet until a patch is applied and monitoring for evidence of compromise such as the presence of newly created accounts or unexpected members of the ‘confluence-administrators’ group.

Image: iStockPhoto.com/Vertigo3d