Atlassian is again warning of a bug in Confluence that leaves your data vulnerable to intruders. If you don’t patch, you risk “significant data loss.”

Atlassian is warning customers about CVE-2023-22518, a vulnerability that could lead to incorrect authorization in on-premises versions of Confluence Data Center and Server. The provider’s motto is simple: update the software to a protected version. If this does not happen, there is a risk of “significant data loss,” is the unmistakable warning.

If patching is not possible immediately, Atlassian recommends creating backups and implementing temporary workarounds as soon as possible. Vulnerable systems are also best taken offline until they are patched. According to Atlassian, the vulnerability is not being actively exploited yet, but that is no reason to wait until it is before taking action. The vulnerability could give attackers free access to your data, although Atlassian doesn’t specify how to provide a free manual to malicious people.

From vulnerability to vulnerability

Atlassian and its customers have had their hands full in recent weeks fixing vulnerabilities in the Confluence software. Last month, a security flaw was discovered that was actively exploited by Chinese hackers. This vulnerability received the maximum CVSS rating of ten out of ten. CVE-2023-22518 is not to be underestimated with a score of 9.1 out of 10.

This accumulation of security incidents is damaging Atlassian’s reputation. In the summer of 2022, the provider itself made a serious mistake by programming hard-coded passwords into its software, which were inevitably leaked with all the associated consequences.