What We Do
How We Do
Resources
Company
Partners
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Get Started
Security advisories

Zero-Day Vulnerability Impacts Confluence

October 4, 2023 | 2 MINS READ

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

Atlassian has unveiled details concerning an actively exploited privilege escalation vulnerability; the company was made aware of the issue after multiple incident reports from Atlassian customers.

The vulnerability, CVE-2023-22515 (CVSS: 10), is found in the Confluence Data Center and Server. Threat actors can exploit this vulnerability to create unauthorized Confluence administrator accounts and gain access to Confluence instances.

This is an on-prem/self-managed vulnerability, and the Atlassian advisory states, “If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.” Threat actors exploited the vulnerability before security patches were released. Furthermore, limited technical details on the vulnerability and impacted products are now public. Given these circumstances, organizations must ensure that impacted devices receive the necessary security patches immediately.

What we’re doing about it

What you should do about it

Additional information

On October 4th, 2023, Atlassian released an advisory for their Confluence product. Atlassian has proactively addressed the issue, but the vulnerability's exploitation, before the release of security patches, is concerning.

The Confluence platform, developed by Atlassian, is used in many organizations for documentation and collaboration. Given its widespread use, the eSentire Threat Intelligence team assesses attacks related to CVE-2023-22515 will continue to be exploited in the future. Additionally, Atlassian-hosted instances have been patched and are not impacted, as of October 4th. Atlassian recommends that on-premises Confluence Server and Data Center customers update to a fixed version immediately or else implement mitigations. The advisory notes, "Instances on the public internet are particularly at risk, as this vulnerability is exploitable ‘anonymously’.”

Atlassian has acknowledged the exploitation but hasn't disclosed the specifics of the attacks. There's public speculation regarding the potential culprits, but no concrete evidence has been presented. The vulnerability's public details, combined with the attention it has garnered, suggest that other threat groups might exploit it in the near future.

References:

[1] https://jira.atlassian.com/browse/CONFSERVER-92475
[2] https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

View Most Recent Advisories