Atlassian Zero-Day Vulnerability Update

Published On: October 6, 2023

Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends that Atlassian users apply the necessary patches. The patches fix an actively exploited critical zero-day.

The zero-day vulnerability is tracked as CVE-2023-22515. It is remotely exploitable and allows hackers to create unauthorized Confluence administrator accounts and access Confluence servers.

The vulnerability does not impact Confluence versions prior to 8.0.0.

Patches are available in the following versions of Confluence Data Center and Server:

  • 8.3.3 or later
  • 8.4.3 or later, and
  • 8.5.2 (Long Term Support release) or later

If you are unable to apply the update, we advise restricting external network access to affected instances.

“Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances,” Atlassian said. “This is possible at the network layer or by making the following changes to Confluence configuration files.”

Here are some indicators of compromise (IoCs) to help determine whether your Atlassian instance was breached. We recommend shutting down immediately if breached:

  • unexpected members of the confluence-administrator group
  • unexpected newly created user accounts
  • requests to /setup/*.action in network access logs
  • presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory
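
The two log-based indicators above can be checked with a short script. This is an added example, not code from SensCy or Atlassian; the access-log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: common/combined-style access log (client IP first, request line in quotes).
# Adjust REQUEST_RE to the access-log pattern your instance actually writes.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
SETUP_RE = re.compile(r'/setup/[^/]*\.action\b', re.IGNORECASE)
ADMIN_SETUP = "/setup/setupadministrator.action"

def setup_requests(access_lines):
    """Group requests matching /setup/*.action by client IP."""
    hits = defaultdict(list)
    for line in access_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Percent-decode and drop the query string so encoded or
        # parameterised variants of the path are still matched.
        path = urlsplit(unquote(m["target"])).path
        if SETUP_RE.search(path):
            hits[m["ip"]].append((m["method"], path, int(m["status"])))
    return dict(hits)

def security_log_hits(security_lines):
    """Lines of atlassian-confluence-security.log naming the admin setup action."""
    return [ln.rstrip("\n") for ln in security_lines if ADMIN_SETUP in ln.lower()]

# Constructed sample lines (documentation IP ranges; real log layouts will differ).
SAMPLE_ACCESS = [
    '203.0.113.7 - - [05/Oct/2023:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Oct/2023:10:01:09 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 812',
    '198.51.100.4 - - [05/Oct/2023:10:02:00 +0000] "GET /confluence/%73etup/example.action?x=1 HTTP/1.1" 302 0',
    '198.51.100.9 - - [05/Oct/2023:10:03:00 +0000] "GET /display/DOC/setup/guide HTTP/1.1" 200 900',
]
SAMPLE_SECURITY = [
    "2023-10-05 10:01:09 ERROR (constructed) exception at /setup/setupadministrator.action",
    "2023-10-05 10:05:00 INFO (constructed) routine event",
]

if __name__ == "__main__":
    for ip, reqs in setup_requests(SAMPLE_ACCESS).items():
        print(f"REVIEW {ip}: {reqs}")
    for ln in security_log_hits(SAMPLE_SECURITY):
        print(f"REVIEW security log: {ln}")
```

Any hit is a lead to review alongside the account and group indicators in the list, not proof of a breach on its own.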

If you have any questions, please contact your Cyber Advocate.
