The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of a zero-day vulnerability [CVE-2023-22515] affecting certain versions of Atlassian Confluence Data Center and Server.
Successful exploitation allows malicious cyber threat actors to create a new administrator account on the target Confluence server, which can lead to a total loss of integrity and confidentiality of the data held in the server.
The vulnerability is known to have been exploited by threat actors before public knowledge of the vulnerability existed.
See the resource center.
Status
- The Bitsight Security Research team is collecting data.
- Data is being collected for evaluation from a prototype detection capability based on identification of vulnerable versions of Confluence.