Nation-state Hackers Exploiting Confluence Zero-day Vulnerability
Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515 in the wild since September 14, 2023.
The vulnerability was publicly disclosed on October 4, 2023; CVE-2023-22515 is a Confluence zero-day vulnerability.
Atlassian is investigating reports from a handful of customers regarding the possible exploitation of a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances, which allows unauthorized access and the creation of administrator accounts.
Here's what Atlassian said:
“Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.”
According to Netlas, the vulnerability has been reported as actively exploited in real-world scenarios.
Flaw profile
- CVE ID: CVE-2023-22515
- Description: Broken Access Control Vulnerability in Confluence Data Center and Server
- Advisory Release Date: Wed, Oct 4th, 2023 06:00 PDT
- Related Jira Ticket(s): CONFSERVER-92475
- Severity: Critical
- CVSS Score: 10.00
IPs Detected
These four IP addresses have been detected transmitting exploit traffic linked to CVE-2023-22515:
- 192.69.90[.]31
- 104.128.89[.]92
- 23.105.208[.]154
- 199.193.127[.]231
Atlassian has classified this vulnerability as Critical, with a CVSS score of 10, according to its severity levels. That is why it has urged customers to assess the vulnerability's relevance to their particular IT setup.
Versions Affected & Fixed
The affected Confluence Data Center and Confluence Server versions are listed below:
- 8.0.0
- 8.0.1
- 8.0.2
- 8.0.3
- 8.0.4
- 8.1.0
- 8.1.1
- 8.1.3
- 8.1.4
- 8.2.0
- 8.2.1
- 8.2.2
- 8.2.3
- 8.3.0
- 8.3.1
- 8.3.2
- 8.4.0
- 8.4.1
- 8.4.2
- 8.5.0
- 8.5.1
The fixed Confluence Data Center and Confluence Server versions are listed below:
- 8.3.3 or later
- 8.4.3 or later
- 8.5.2 (Long-Term Support release) or later
The PT Swarm team said that they were able to reproduce the issue.
Advice
For publicly accessible Confluence Data Center and Server instances, temporarily restrict external access until the upgrade is applied.
If that is not possible, apply interim mitigations by blocking access to the /setup/* endpoints at the network level or by adjusting the Confluence configuration files.
Then restart Confluence; this step restricts access to the unnecessary setup pages in Confluence.
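As an added example (not from the article or from Atlassian), the following script applies two of the checks above to your own data: it decides whether a given Confluence 8.x version falls in the affected range using the fixed releases listed in the advisory, and it scans reverse-proxy access logs in the common combined format for requests to the /setup/* endpoints or from the four source IPs reported above. The log lines and the /setup/ path in them are constructed samples, not real traffic.

```python
import re

# Source IPs the article reports as sending exploit traffic (defanged in the text).
EXPLOIT_SOURCE_IPS = {"192.69.90.31", "104.128.89.92", "23.105.208.154", "199.193.127.231"}

# First fixed release per 8.x branch, from the advisory. 8.0, 8.1 and 8.2 have no
# fixed build, so any release on those branches counts as affected.
FIXED_MIN = {(8, 3): (8, 3, 3), (8, 4): (8, 4, 3), (8, 5): (8, 5, 2)}


def parse_version(version: str) -> tuple:
    """Turn '8.5.1' into (8, 5, 1) for tuple comparison."""
    return tuple(int(part) for part in version.split(".")[:3])


def is_affected(version: str) -> bool:
    """True if this Confluence Data Center/Server version is affected by CVE-2023-22515."""
    major, minor, patch = parse_version(version)
    if major != 8:
        return False  # only 8.0.0 through 8.5.1 are listed as affected
    if (major, minor) in FIXED_MIN:
        return (major, minor, patch) < FIXED_MIN[(major, minor)]
    return minor <= 5  # 8.0.x, 8.1.x, 8.2.x: affected; 8.6+ not in the affected list


# Combined log format: client ip, identd, user, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(log_lines):
    """Flag requests to /setup/* (setup pages that should be unreachable after install)
    or requests from the reported exploit source IPs. Returns (ip, path, status, reasons)."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        reasons = []
        if match["path"].startswith("/setup/"):
            reasons.append("setup-endpoint")
        if match["ip"] in EXPLOIT_SOURCE_IPS:
            reasons.append("known-exploit-source")
        if reasons:
            hits.append((match["ip"], match["path"], match["status"], reasons))
    return hits


# Constructed sample log lines; the /setup/ path is a placeholder, not a real endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Oct/2023:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 512',
    '199.193.127.231 - - [05/Oct/2023:10:02:15 +0000] "POST /setup/somepage.action HTTP/1.1" 302 0',
    '203.0.113.9 - - [05/Oct/2023:10:03:40 +0000] "GET /setup/somepage.action HTTP/1.1" 200 1024',
]
```

A 200 or 302 on any /setup/* path from the internet after installation is worth an alert on its own; pairing it with the reported source IPs only raises the priority.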
Source credit : cybersecuritynews.com