Atlassian Confluence Servers Attacked From 600+ IP Addresses
Atlassian disclosed a critical vulnerability last week related to Remote Code Execution (CVE-2023-22527). This vulnerability was reported to affect Confluence Data Center and Server versions released before December 5, 2023.
Atlassian also stated that the vulnerability was patched in the latest Confluence Data Center and Server 8.5.4 (LTS) and in 8.6.0 and 8.7.1 (Data Center only). Moreover, it was also specified that version 8.5.4 doesn’t receive backported fixes due to the Security Bug Fix Policy.
CVE-2023-22527 allows an unauthenticated threat actor to execute remote commands on the affected installations. It is a template injection vulnerability that is currently being exploited by threat actors.
600 Unique IPs
Per the reports shared with Cyber Security News, more than 600 IPs were seen attacking Atlassian Confluence with this vulnerability. Most of the attempts tried to trigger a callback by executing the “whoami” command.
As for the originating IPs, most of them were traced back to Russia. Other commands used in the exploitation attempts were “id” and “cat /etc/shadow.” Atlassian urges all users of Confluence servers to upgrade to the latest versions as soon as possible.
However, Atlassian mentioned that there are no workarounds for mitigating this vulnerability. GreyNoise also stated that they were seeing a high number of exploitation attempts from different IPs and asked users to update the vulnerable versions as soon as possible.
The Security Bug Fix Policy cited for version 8.5.4 not receiving backported fixes states that “…critical security bug fixes will be backported. We will release new maintenance releases for the versions covered by the policy instead of binary patches. Binary patches are not released.”
Affected Products and Fixed in Version
Product | Fixed Versions | Latest Versions |
Confluence Data Center and Server | 8.5.4 (LTS) | 8.5.5 (LTS) |
Confluence Data Center | 8.6.0 (Data Center Only), 8.7.1 (Data Center Only) | 8.7.2 (Data Center Only) |
Atlassian has released a report that provides more information about the vulnerability. It is recommended that all users upgrade to the latest version to prevent exploitation.
Source credit : cybersecuritynews.com