Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515 in the wild since September 14, 2023.
The vulnerability was publicly disclosed on October 4, 2023, and this CVE-2023-22515 is a Confluence zero-day vulnerability.
Atlassian is investigating reports from a few customers regarding the potential exploitation of an undisclosed vulnerability in publicly accessible Confluence Data Center and Server instances, allowing unauthorized access and the creation of administrator accounts.
Here’s what Atlassian stated:-
“Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.”
Document
FREE Demo
Deploy Advanced AI-Powered Email Security Solution
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
According to Netlas, it has been reported that the vulnerability has been actively exploited in real-world scenarios.
Flaw profile
CVE ID: CVE-2023-22515
Description: Broken Access Control Vulnerability in Confluence Data Center and Server
Advisory Release Date: Wed, Oct 4th, 2023 06:00 PDT
Related Jira Ticket(s): CONFSERVER-92475
Severity: Critical
CVSS Score: 10.00
IPs Detected
These four IP addresses were detected transmitting exploit traffic linked to CVE-2023-22515:-
192.69.90[.]31
104.128.89[.]92
23.105.208[.]154
199.193.127[.]231
Atlassian has classified this vulnerability as Critical with a CVSS score 10 based on their severity levels. That’s why they have recommended users assess its relevance according to their specific IT setup.
Versions Affected & Fixed
Here below, we have mentioned all the Confluence Data Center and Confluence Server versions that are affected:-
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.1.0
8.1.1
8.1.3
8.1.4
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
Here below, we have mentioned all the Confluence Data Center and Confluence Server versions that are fixed:-
8.3.3 or later
8.4.3 or later
8.5.2 (Long-Term Support release) or later
PT Swarm team stated that they are able to reproduce the issue.
Recommendation
For Confluence Data Center and Server instances publicly accessible, temporarily restrict external access until the upgrade.
If that’s not possible, apply for interim protection by blocking /setup/* endpoint access at the network level or by adjusting Confluence configuration files.
Then restart the Confluence, as this step restricts access to unnecessary setup pages in Confluence.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.
The post Nation-state Hackers Exploiting Confluence Zero-day Vulnerability appeared first on Cyber Security News.
Cyber Security News
