Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise collaboration software.
The privilege-escalation vulnerability, tracked as CVE-2023-22515, affects versions 8.0.0 through 8.5.1. Versions prior to 8.0.0 are not impacted by the flaw, and Atlassian-hosted Cloud sites are not affected either; only self-managed deployments need to act. Our reading of the details is that public-facing instances are squarely in danger: anyone who can reach a vulnerable deployment can attempt to exploit it, without credentials, and end up with admin-level access. Some customers have already been hit via this zero-day vulnerability, and fixed releases are now available to shore up installations.
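A quick way to turn the affected range above into a triage script for an inventory of self-managed Confluence hosts. This is an added example, not Atlassian's code or anything from the advisory; the hostnames and version strings in the sample inventory are constructed. The article only gives the range 8.0.0 through 8.5.1; the first fixed release on each maintained 8.x line (8.3.3, 8.4.3, 8.5.2) is taken from Atlassian's advisory for CVE-2023-22515 rather than from this page, so confirm those against the current advisory before relying on the result. The edge case the script exists for is that a naive range check would flag 8.3.3 and 8.4.3 as vulnerable even though they are fixed releases that sit numerically inside the range.

```python
"""Triage Confluence Server / Data Center version strings against the range
Atlassian lists as affected by CVE-2023-22515 (8.0.0 through 8.5.1).

Added example, not Atlassian's code. FIXED_FROM comes from Atlassian's advisory,
not from the article; verify it against the current advisory before use.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected range as stated in the article.
AFFECTED_LOW: Version = (8, 0, 0)
AFFECTED_HIGH: Version = (8, 5, 1)

# First fixed release on each maintained 8.x line (from Atlassian's advisory,
# assumed here; not stated in the article). Keyed by (major, minor): anything
# at or above the value on that line is fixed even though it is inside the
# numeric range above.
FIXED_FROM: Dict[Tuple[int, int], Version] = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor.patch' from a version string; a trailing suffix such
    as '-rc1' is ignored. Returns None if the string does not start with three
    dotted integers."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(version: str) -> bool:
    """True if the version lies in the affected range and is not a fixed release.

    Raises ValueError for a version string that cannot be parsed, so callers
    cannot silently treat an unknown version as safe."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    if not (AFFECTED_LOW <= v <= AFFECTED_HIGH):
        return False  # pre-8.0 and post-8.5.1 releases are outside the range
    fixed = FIXED_FROM.get((v[0], v[1]))
    if fixed is not None and v >= fixed:
        return False  # on a patched line, at or above its fix release
    return True


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort {host: version string} into 'affected', 'not_affected' and
    'unknown' (unparseable version, which needs a manual look)."""
    result: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, ver in inventory.items():
        try:
            bucket = "affected" if is_affected(ver) else "not_affected"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory: hypothetical hostnames and version strings.
SAMPLE_INVENTORY: Dict[str, str] = {
    "wiki-a.example.internal": "8.5.1",     # last affected release
    "wiki-b.example.internal": "8.3.3",     # fixed, despite being inside the range
    "wiki-c.example.internal": "7.19.14",   # pre-8.0, not affected
    "wiki-d.example.internal": "8.2.1",     # affected, no fix on the 8.2 line
    "wiki-e.example.internal": "8.6.0",     # above the range
    "wiki-f.example.internal": "unknown",   # cannot be parsed
}


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {sorted(hosts)}")
```

Feed it the version strings you already collect from your asset inventory or from the Confluence instances themselves; a host that lands in "unknown" should be checked by hand rather than assumed clean, and a host in "affected" that must stay reachable from the internet should be taken off the public network until it is upgraded.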
“Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances,” according to a Wednesday advisory from the software giant.
“Instances on the public internet are particularly at risk, as this vulnerability is exploitable anonymously.”