CISA, FBI urge admins to patch Atlassian Confluence immediately

CISA, FBI, and MS-ISAC alerted network administrators today to patch their Atlassian Confluence servers immediately to block attacks that are actively exploiting a maximum-severity vulnerability.

This major privilege escalation flaw, tracked as CVE-2023-22515, affects Confluence Data Center and Server 8.0.0 and later. It can be exploited remotely in low-complexity attacks that require no user interaction.

When Atlassian released security patches on October 4, it urged users to upgrade their Confluence instances as quickly as possible to one of the fixed versions (i.e., 8.3.3 or later, 8.4.3 or later, or 8.5.2 or later), because the flaw had already been exploited in the wild as a zero-day.

Those unable to upgrade were advised to either shut down the affected instances or remove them from the Internet.
