Atlassian, an Australian software company, has released emergency security updates to address a severe zero-day vulnerability in its Confluence Data Center and Server software. This vulnerability is actively being exploited, allowing attackers to create unauthorized Confluence administrator accounts and gain access to Confluence instances.
The vulnerability, tracked as CVE-2023-22515, is a critical privilege escalation flaw affecting Confluence Data Center and Server versions 8.0.0 and later. It can be remotely exploited in low-complexity attacks without user interaction.
Since October 5, Imperva has seen over 350K exploitation attempts. These attacks mostly target US computing and financial services sites and have come primarily from US and German IP addresses.
Imperva Cloud WAF and WAF On Prem customers who have enabled the Threat Radar Emergency Feed are protected out of the box against this vulnerability. Atlassian has also advised customers using vulnerable versions to upgrade immediately to one of the fixed versions and has provided mitigation measures. The company also recommends checking for signs of breaches, such as unexpected administrator accounts or specific requests in network access logs.
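A check for the access-log indicator mentioned above, as an added example that is not code from Imperva or Atlassian: it scans access-log lines for requests to `/setup/*.action`, the pattern named in Atlassian's advisory (an assumption here, since this page does not list the specific requests). The log format, function name, and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Access-log line in Common/Combined Log Format (assumed; adjust to your proxy or Tomcat valve).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: the /setup/*.action indicator comes from Atlassian's advisory, not from this page.
SETUP_RE = re.compile(r'/setup/[^/]*\.action$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:08:14:02 +0000] "GET /pages/viewpage.action?pageId=1234 HTTP/1.1" 200 5120',
    '203.0.113.45 - - [10/Oct/2023:08:15:11 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 812',
    '203.0.113.45 - - [10/Oct/2023:08:15:12 +0000] "GET /%73etup/setupadministrator.action?src=x HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Oct/2023:08:16:40 +0000] "GET /dashboard.action HTTP/1.1" 200 9001',
]

def find_setup_requests(lines):
    """Return {client_ip: [(timestamp, method, path, status), ...]} for setup-endpoint requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string, decode percent-encoding, then drop path parameters,
        # so encoded or decorated variants of the path are still matched.
        path = unquote(m["target"].split("?", 1)[0]).split(";", 1)[0]
        if SETUP_RE.search(path):
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in find_setup_requests(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} request(s) to setup endpoints")
        for ts, method, path, status in reqs:
            print(f"  [{ts}] {method} {path} -> {status}")
```

Any hit on an instance that finished setup long ago is worth correlating with the creation time of administrator accounts you do not recognize.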