On October 4, the Australian company Atlassian, which develops and supports enterprise collaboration software, published an official advisory for CVE-2023-22515, a critical privilege-escalation vulnerability in Confluence Data Center and Server. The previously undisclosed vulnerability had already been exploited by attackers against a limited number of customers.
Successful exploitation allows attackers to create administrator accounts on affected Confluence instances. Atlassian rates the severity of the vulnerability between 9.0 and 10.0 on the CVSS scale.
In its mitigation recommendations for CVE-2023-22515, Atlassian notes that restricting network access to the /setup/* endpoints can help prevent exploitation of the vulnerability. It also notes that the affected customers had made their Confluence servers publicly accessible, which gave the attackers their entry point.
Note that Confluence Cloud instances, which use the atlassian.net domain, are not affected by this vulnerability.
This is not the first attack on the Atlassian Confluence platform: in June 2022, another critical zero-day vulnerability was reported to have been exploited by attackers from China.
Atlassian has released patches for CVE-2023-22515 and published a list of all affected versions. Organizations are strongly advised to install the updates as soon as possible to minimize the risk.
Atlassian's documentation also includes indicators of compromise that can help organizations determine whether they have been affected by this attack.
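Atlassian's advice to restrict access to the /setup/* endpoints also gives defenders a simple thing to hunt for in web-server access logs: requests to those endpoints from untrusted sources after initial installation. The script below is an added example (not Atlassian's code or its published indicators): it parses combined-format access lines, percent-decodes and normalises the request path so encoded or dot-segment variants are not missed, and flags any hit under /setup/. The log lines, IP addresses and paths are constructed samples.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Combined/common log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def setup_path_requested(target: str) -> bool:
    """True if the request target resolves to Confluence's /setup/* endpoints.

    The query string is dropped, percent-encoding is decoded and dot segments
    are collapsed before matching, so "/%73etup/x" and "/a/../setup/x" are
    both recognised as setup requests.
    """
    path = normpath(unquote(urlsplit(target).path))
    return path == "/setup" or path.startswith("/setup/")


def flag_setup_requests(log_lines):
    """Return (ip, method, raw target, status) for each request hitting /setup/*."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and setup_path_requested(m["target"]):
            hits.append((m["ip"], m["method"], m["target"], int(m["status"])))
    return hits


# Constructed sample log (RFC 5737 documentation addresses; paths are made up).
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [04/Oct/2023:10:15:01 +0000] "GET /setup/ HTTP/1.1" 200 512',
    '198.51.100.23 - - [04/Oct/2023:10:15:09 +0000] "POST /%73etup/example.action HTTP/1.1" 302 0',
    '10.0.0.5 - - [04/Oct/2023:10:16:00 +0000] "GET /login.action HTTP/1.1" 200 2048',
    '203.0.113.7 - - [04/Oct/2023:10:16:30 +0000] "GET /display/SPACE/Home HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, method, target, status in flag_setup_requests(SAMPLE_ACCESS_LOG):
        print(f"setup endpoint hit: {ip} {method} {target} -> {status}")
```

On a production instance that finished installation long ago, any hit from outside the administrative network is worth investigating alongside Atlassian's published indicators of compromise.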