cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

ACSC critical alert flags multiple issues with Atlassian Confluence Data Center

The Australian Cyber Security Centre (ACSC) has discovered two vulnerabilities affecting Atlassian’s Confluence Data Center and Server, leading it to issue a critical alert.

user icon Daniel Croft
Thu, 02 Nov 2023
ACSC critical alert flags multiple issues with Atlassian Confluence Data Center
expand image

The alert said that the two vulnerabilities – CVE-2023-22515 and CVE-2023-22518 – may leave businesses significantly exposed within Australia, and the exploitation of the vulnerabilities would have a detrimental impact on compromised organisations.

The Australian software company’s Confluence Data Center is a platform that allows work teams to collaborate easily, with businesses able to customise the platform’s environment to suit their need with different apps, integrations and APIs.

Malicious actors exploiting CVE-2023-22515 would be able to create administrator accounts within the Confluence Data Center without authorisation. The ACSC has said it has also detected active exploitation of this vulnerability in the wild.

Atlassian has said that it has “evidence to suggest that a known nation-state actor is actively exploiting CVE-2023-22515” and that it has launched an investigation alongside its customers and partners.

The company has rated the severity level critical CVSS 10.0, the highest severity rating it has on its scale.

The other vulnerability, CVE-2023-22518, would allow a threat actor to “cause significant data loss on the vulnerable instance”, according to the ACSC.

While there is no evidence that the vulnerability has been exploited at all, Atlassian has rated the severity at 9.1.

“As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker,” said chief information security officer (CISO) for Atlassian, Bala Sathiamurthy.

“There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances.”

All versions of Atlassian’s Confluence Data Center and Server are at risk of exploitation, and both the ACSC and Atlassian have advised that all users of the software upgrade to a fixed version and run threat detection to search for instances of exposure.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.