Atlassian Confluence Affected by a New 0day exploit, Update Now!

Atlassian has fixed a major zero-day vulnerability that is periodically exploited and affects publicly accessible Confluence Data Center and Server instances.

The flaw, identified as CVE-2023-22515, can be exploited remotely, giving outside attackers access to Confluence servers and the ability to create unauthorized administrator accounts.

Versions of Confluence lower than 8.0.0 are unaffected. Confluence sites that are viewed via an domain are similarly immune to this problem.

Atlassian said that “a handful of customers” had alerted it to the problem. The issue is addressed in the following versions of Confluence Data Center and Server:

8.3.3 onward
8.4.2 (Long Term Support release) or later, and 8.4.3 or later

However, the company withheld further information on the scope and nature of the exploitation, as well as on the root cause of the vulnerability.

