Atlassian has released patches for the recently disclosed vulnerability CVE-2023-22518 in its Confluence Data Center and Confluence Server products. This critical vulnerability allows attackers to bypass the authentication mechanism and potentially gain unauthorized access to sensitive information and systems. It comes just weeks after CVE-2023-22515, a previous vulnerability in the same Confluence products. Imperva Threat Research has been actively monitoring the situation since the previous vulnerability.
Cloud WAF customers and WAF Gateway customers who have enabled and configured their Emergency Feed (THR) components are already protected out of the box. On-Prem customers will need to enable the signatures manually.
Even with protection, we urge our customers to remain vigilant and update their systems with the latest security patches. We will update this blog with more information as it becomes available.