CVE-2023-22518 has recently been observed to be exploited in Atlassian Confluence, affecting millions of users wordlwide.
Here’s what you need to know:
What is CVE-2023-22518?
CVE-2023-22518 is an improper authorization vulnerability that affects Confluence Data Center and Confluence Server. It was first disclosed by Atlassian in an advisory on October 31, 2023. This vulnerability allows an attacker to execute malicious code and potentially take control of an affected system.Does it affect me?
If you are using any version of Confluence Server or Confluence Data Center, your system could be vulnerable to CVE-2023-22518. Atlassian Cloud users are not affected by this vulnerability. It is crucial for organizations using the affected versions to assess their systems and apply the necessary updates.
Has CVE-2023-22518 been actively exploited in the wild?
Yes, as of November 5, 2023, there have been confirmed instances of active exploitation of CVE-2023-22518. Attackers have been observed using this vulnerability to deploy ransomware and perform unauthorized actions on multiple customer environments.
Fixing CVE-2023-22518
Atlassian has released fixed versions of Confluence to address CVE-2023-22518. The fixed versions are:
- 7.19.16
- 8.3.4
- 8.4.4
- 8.5.3
- 8.6.1
Organizations should urgently update to one of these versions to mitigate the vulnerability. Additionally, restricting external access to Confluence servers until the update can be applied is recommended. Atlassian’s advisory also includes interim measures for those unable to update immediately.
Next steps
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:
- Can you trust ChatGPT’s package recommendations?
- MITRE ATTACK framework – Mapping techniques to CVEs
- Exploit maturity: an introduction
- OWASP Top 10 vulnerabilities 2022: what we learned
- How to fix CVE-2023-32784 in KeePass password manager
And finally…
Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.
