Critical Atlassian Vulnerability is Being Actively Exploited
Threat actors are actively exploiting a vulnerability in Atlassian Confluence Data Center and Server that the company disclosed on January 16. The flaw (CVE-2023-22527) is a critical template injection vulnerability affecting out-of-date versions of Atlassian Confluence Data Center and Server. The Shadowserver Foundation has observed nearly 40,000 attempts to exploit the vulnerability.
We have been seeing these attacks starting this weekend and quickly escalating since then. Luckily, I do not believe too many Confluence instances are still on-premises and active. Most customers have moved to Atlassian's cloud-based solution.
Attackers, seeing yet another Atlassian vulnerability, are actively hunting for vulnerable Internet-exposed servers. There are no workarounds on this one; you have to apply the update. Don't stop with the fixed version; go to the latest versions: Confluence Data Center and Server 8.5.5 (LTS) or Confluence Data Center 8.7.2 (Data Center Only). CVE-2023-22527 should be considered critical/CVSS Score 10.0; don't wait for the addition to the KEV catalog.
Read more in
Bleeping Computer: Hackers start exploiting critical Atlassian Confluence RCE flaw