Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in Confluence Data Center and Server
Alerts

Active Exploitation of Critical Vulnerability in Confluence Data Center and Server

5 October 2023

Atlassian has released security updates to address a critical vulnerability (CVE-2023-22515) in their Confluence Data Center and Server. The vulnerability is reportedly being actively exploited. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability could allow an attacker to create an unauthorised adminstrator account and gain access to the Data Center and Server instances. 

The vulnerability affects the following Confluence Data Center and Server versions:

• Versions 8.0.0 to 8.0.4

• Versions 8.1.0 to 8.1.4

• Versions 8.2.0 to 8.2.3

• Versions 8.3.0 to 8.3.2

• Versions 8.4.0 to 8.4.2

• Versions 8.5.0 to 8.5.1

Users and administrators of the affected product versions are advised to upgrade to the following versions immediately:

• Versions 8.3.3 or later

• Versions 8.4.3 or later

• Versions 8.5.2 or later

More information is available here:

https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

https://securityaffairs.com/151960/hacking/atlassian-confluence-zero-day-exploited.html

https://www.bleepingcomputer.com/news/security/atlassian-patches-critical-confluence-zero-day-exploited-in-attacks/

Back to top