[updated] Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not vulnerable.

Fixes of Confluence Data Center and Server are available for the following versions:

• 7.19.16 or later
• 8.3.4 or later
• 8.4.4 or later
• 8.5.3 or later
• 8.6.1 or later

Atlassian strongly advises you apply the patch, even for instances that are not exposed to the public internet.

Customers who are unable to immediately patch their Confluence Data Center and Server instances should back them up. Instances accessible over the public internet, including those with user authentication, should be restricted from external network access until they have been patched.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE patched in these updates is listed as:

CVE-2023-22518 (CVSS score 9.1 out of 10): a critical severity authentication vulnerability was discovered in the Confluence Server and Data Center. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.

Atlassian has said it is unaware of any exploits. Other than that an attacker may bypass User Account Control (UAC) mechanisms to elevate process privileges on system there are no details available.

Atlassian CISO Bala Sathaimurthy stated:

> “Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker. There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances.”

Patching vulnerable Confluence servers is important, as cybercriminals have shown before that they make for an attractive target.

Update Novermber 3, 2023

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw.

> "As part of Atlassian's ongoing monitoring of this CVE, we observed publicly posted critical information about the vulnerability which increases risk of exploitation"

Update November 7, 2023

Over the weekend, reserachers saw a widespread exploitation of CVE-2023-22518 and the older CVE-2023-22515. Reportedly, to encrypt victims' files using Cerber ransomware.

Atlassian confirmed that:

> "We received a customer report of an active exploit. Customers must take immediate action to protect their instances. If you already applied the patch, no further action is required."

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.