Another vulnerability in the flagship product of Atlassian corporation, Confluence, allows hackers to access the servers and dump the data. As the company claims, the issue sits in the improper authorization within the Data Center and Server apps. The company already offers the patches for this breach.
Confluence Data Center and Server Vulnerability Leads to Data Loss
As it often happens to any vulnerabilities within authorization/input validation, the new breach in Confluence got a rather high CVSS mark – 9.1/10. All versions of Confluence Data Center and Server are susceptible to this vulnerability. Though, good news for the clients – the breach was discovered by the developers and is not exploited in the wild. At least yet.
Currently, neither company nor researchers show any PoC exploits for this flaw. And within this short time gap, before the hackers will find the way to use the vulnerability, it will be a great idea to install the patches offered by the company. Despite the vulnerability touching all Data Center and Server versions ever released, the patches cover only the most used version.
Actually, CVE-2023-22518 is not the only recent security vulnerability in the Confluence. A few weeks ago, on October 5, the cybersecurity world was set abuzz due to a zero-day discovery in the same Data Center and Server solution. This exploit was reportedly used later on, by a Storm-0062 a.k.a DarkShadow cybercrime gang. The breach allowed hackers to access Confluence servers and create accounts with admin privileges without any permissions required. While for a smaller company or a more niche product this may be not so critical, it is pretty bad for a massively popular software that Atlassian develops.
Confluence Patches for CVE-2023-22518 are Available
The fact that the co was the first to describe the breach adds the silver lining to the story. Along with the report about the discovered issue, they immediately released security updates that are called to patch the exploit. And while the previous exploit was working only on Data Center and Server version 8+, the new one makes all the versions susceptible to exploitation.
As there are several major versions of the solution in use, the co have made patches for each of them:
| Product name | Versions |
|---|---|
| Confluence Data Center and Server |
|
For mitigations, Atlassian only offers to shift the vulnerable instance of the product into offline mode. Yes, this effectively means stopping any operations related to the Confluence, though if there is no way to implement the latest updates, not many other options are available.
How to protect against software vulnerabilities?
Well, as you can see, pretty much any software solution can have vulnerabilities. Brands, developers and stuff the like does not influence: if there is something to hack, it will be hacked. There, only your fast reaction and the presence of proper security is what can secure your system.
EDR/XDR systems that use zero-trust policy are the best way to secure yourself from exploitation attacks. Their all-encompassing protection allows them to track, analyze and stop any suspicious activity. Meanwhile zero-trust will not leave a chance for exploitation even in a highly-trusted application. They treat any app as potentially dangerous, so even the Confluence will be checked as roughly as a Java-applet from the Web.
Keep an eye on recent cybersecurity news. Events like new vulnerabilities, or the companies hacked with their usage obviously cause massive discussions. Sure, not all of them will touch the software you use, but being on alarm is worth it.
Regularly update the software or apply mitigation patches. Most of the minor updates are needed not only to fix some minor bugs, but also to patch security vulnerabilities. A good habit here is viewing the patch notes – they can quickly reveal if the update is security-related or brings other stuff. For large companies, with dozens of computers in the network, it may be complicated to update the software in one turn, so making a choice is important.
