January 23, 2024: Atlassian has released a security advisory for CVE-2023-22527, a vulnerability in out-of-date versions of Confluence Data Center and Server. The RCE (remote code execution) vulnerability was found to be actively exploited within days of its discovery. The vulnerability affects versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3.
Thousands of exploitation attempts have already been discovered from IP addresses in Russia, Singapore, Hong Kong, the U.S., China, India, Brazil, Taiwan, Japan, and Ecuador.
The vulnerability carries a CVSS score of 10/10 as it allows unauthenticated attackers to achieve remote code execution (RCE) on affected versions of Confluence Data Center and Server endpoints. This is especially critical if you host your own Confluence server, rather than the standard cloud server deployment.
Customers still using an affected version must take immediate action and patch each affected installation to the latest version available. These Fixed Versions are no longer the most up to date and do not protect your installation from the RCE vulnerability and other non-critical vulnerabilities:
- 8.52 (LTS)
- 8.60 (Data Center Only)
- 8.7.1 (Data Center Only)
Users on the versions above should install one of the latest versions below immediately, if they have not already done so:
- 8.5.5 (LTS)
- 8.7.2 (Data Center Only)
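To triage an inventory against the ranges above, a version check can be scripted. The following is an added example, not code from Atlassian or SecuLore; the status labels and the host names are assumptions made for illustration, and the inventory is constructed sample data.

```python
import re

# Ranges taken from the advisory text above; the status labels are this example's own.
AFFECTED_MINORS = {(8, 0), (8, 1), (8, 2), (8, 3), (8, 4)}  # 8.0.x through 8.4.x
AFFECTED_85_MAX_PATCH = 3                                    # 8.5.0 through 8.5.3
LATEST_LTS = (8, 5, 5)                                       # 8.5.5 (LTS)
LATEST_DC = (8, 7, 2)                                        # 8.7.2 (Data Center only)

def parse_version(text):
    """Return (major, minor, patch), or None if text is not x.y or x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    # A missing patch level is read as 0, the conservative choice for 8.5.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(text):
    """Map a Confluence Data Center/Server version string to a triage status."""
    v = parse_version(text)
    if v is None:
        return "unparseable"   # needs a manual look, never silently "ok"
    if v[:2] in AFFECTED_MINORS or (v[:2] == (8, 5) and v[2] <= AFFECTED_85_MAX_PATCH):
        return "affected"      # in the CVE-2023-22527 range listed above
    if v < (8, 0, 0):
        return "not-listed"    # the text above makes no statement about these
    if v >= LATEST_DC or (v[:2] == (8, 5) and v >= LATEST_LTS):
        return "current"       # at or beyond 8.5.5 (LTS) or 8.7.2
    return "superseded"        # past the affected range, but below the latest

def triage(inventory):
    """Group host names by status; inventory is a list of (host, version)."""
    groups = {}
    for host, version in inventory:
        groups.setdefault(classify(version), []).append(host)
    return groups

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("wiki-prod", "8.5.3"), ("wiki-dr", "8.5.5"), ("wiki-dev", "8.4.1"),
    ("wiki-lab", "8.7.1"), ("wiki-old", "7.19.17"), ("wiki-unknown", "8.x"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as `affected` or `unparseable` are the ones to chase first; `superseded` hosts still need the upgrade described above.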
Applying known-safe patches as soon as they are released is a critical part of any organization’s cyber posture, keeping potential threats and unauthorized users from entering the network and traversing it. Limiting privileges and segmenting the network are also recommended practices, restricting how far an intruder can reach into the network and its stored data in the event of a breach.
SecuLore™ OverWatch provides continuous network monitoring and addresses attack surface management through our patented Paladin technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Contact SecuLore for more information to get started with a monitoring option to detect malicious traffic attempting to exploit vulnerabilities on your network.
SecuLore Support Team