ASD’s ACSC has received information on multiple vulnerabilities in Atlassian’s Confluence Data Center and Server (CVE-2023-22515 & CVE-2023-22518). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.
Background / What has happened?
- ASD’s ACSC is tracking multiple vulnerabilities in Atlassian’s Confluence Data Center and Server product.
- ASD’s ACSC is aware of reports of active exploitation of CVE-2023-22515 and CVE-2023-22518.
- ASD’s ACSC has assessed that there is potentially significant exposure to these vulnerabilities in Australia and that any future exploitation would have a significant impact on Australian systems and networks.
- Note that Atlassian Cloud products are not impacted.
CVE-2023-22515 allows malicious actors to create unauthorised Confluence administrator accounts. Further information on this vulnerability is available in Atlassian’s security advisory (Critical Security Advisory CVE-2023-22515).
CVE-2023-22518 allows a malicious actor to cause significant data loss on the vulnerable instance. Further information on this vulnerability is available in Atlassian’s security advisory (Critical Security Advisory CVE-2023-22518).
Mitigation / How do I stay secure?
- Australian organisations should review their networks for use of vulnerable instances of Atlassian’s Confluence Data Center and Server and implement the following mitigation advice:
  - Immediately patch to a fixed version.
  - Patches for CVE-2023-22515 and CVE-2023-22518 are available. Refer to Atlassian’s security advisories for further information. The ASD's ACSC strongly recommends that affected Australian organisations patch these vulnerabilities as a matter of urgency.
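As a supplementary check for the impact described under CVE-2023-22515 (added example, not part of ASD's ACSC's advisory or Atlassian's guidance), the script below compares the live membership of the confluence-administrators group against a recorded baseline and reports any account that should not be there. The REST endpoint named in the comments, the response field names and the sample responses are assumptions constructed for illustration; patching to a fixed version remains the required action.

```python
import json
from typing import Iterable

# Constructed sample pages. Confluence Server/Data Center is assumed to expose group
# membership at GET /rest/api/group/<group>/member?start=N&limit=M, paginated; the
# field names below are an assumption to verify against your own instance's response.
SAMPLE_PAGES = [
    json.dumps({"results": [
        {"type": "known", "username": "admin", "displayName": "Site Admin"},
        {"type": "known", "username": "jsmith", "displayName": "J. Smith"},
    ], "start": 0, "limit": 2, "size": 2}),
    json.dumps({"results": [
        {"type": "known", "username": "hkq9z", "displayName": "hkq9z"},
    ], "start": 2, "limit": 2, "size": 1}),
]

# Constructed baseline: administrator usernames your change records say should exist.
EXPECTED_ADMINS = {"admin", "jsmith"}


def admin_usernames(pages: Iterable[str]) -> set[str]:
    """Merge the usernames found across all pages of a group-member listing."""
    names: set[str] = set()
    for body in pages:
        data = json.loads(body)
        for member in data.get("results", []):
            if isinstance(member, dict) and member.get("username"):
                names.add(member["username"])
    return names


def compare_admins(pages: Iterable[str], expected: Iterable[str]) -> dict[str, set[str]]:
    """Split the live administrator set into unexpected and missing accounts.

    'unexpected' accounts exist on the instance but not in the baseline; each one
    needs an explanation, because CVE-2023-22515 allows an attacker to create an
    unauthorised administrator account. 'missing' accounts are in the baseline but
    absent from the instance, which points at a stale baseline or a removed account.
    """
    live = admin_usernames(pages)
    baseline = set(expected)
    return {"unexpected": live - baseline, "missing": baseline - live}


if __name__ == "__main__":
    result = compare_admins(SAMPLE_PAGES, EXPECTED_ADMINS)
    for label, names in result.items():
        print(f"{label}: {sorted(names) or '-'}")
```

Run it against every page of the real group listing; an unexpected account is a lead for investigation, not proof of compromise on its own.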
Assistance / Where can I go for help?
The ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD's ACSC via 1300 CYBER1 (1300 292 371).