
Vulnerable Atlassian systems will be hit hard

  • January 23, 2024


A vulnerability in Atlassian Confluence Data Center and Server is being widely exploited. Anyone who postponed the patch should install it as soon as possible.

On January 16, Atlassian disclosed two vulnerabilities in Confluence Data Center and Server. The most severe was CVE-2023-22527, which exposed the software to remote code execution and received the maximum CVSS rating of ten out of ten. Atlassian urged companies to update their software to a secure version.

Unfortunately, not everyone followed this advice, with all the consequences that entails. Shadowserver shared some numbers on X. Forty thousand attacks are said to have been carried out on unpatched Atlassian systems since January 19th alone. More than half of them occurred in Russia, followed by many attacks in Asian countries. Europe does not yet seem to be in danger, but we still advise European Atlassian users not to wait and to take action now.

There is more

The Confluence Data Center and Server vulnerability may be getting all the attention, but the Jira vulnerability deserves attention as well. Versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 contain a bug in FasterXML Jackson Databind (CVE-2020-25649). This allows attackers to compromise data integrity. The advice here is the same: patch as quickly as possible. A server having to go offline to install an update is a minor inconvenience compared to what happens if malicious parties find a way in.

Atlassian has been in the headlines more often in recent months due to vulnerabilities in its systems. A series of bugs in October and November last year left Confluence user data compromised. Sometimes the provider itself makes a big mistake, for example in the summer of 2022, when it shipped hard-coded passwords in its software.

Source: IT Daily
