Microsoft’s Threat Intelligence team has linked the exploitation of a recently revealed high-impact vulnerability in Atlassian Confluence Data Center and Server to a nation-state threat actor.
The vulnerability is assigned CVE-2023-22515, and its exploitation has been traced to the operations of a threat actor known by the alias Storm-0062, aka DarkShadow or Oro0lxy.
This attribution underscores the involvement of a well-organized and potentially government-sponsored entity in leveraging the identified security flaw for its malicious activities.
The tech giant’s threat intelligence team detected real-world exploitation of this privilege escalation flaw starting on September 14, 2023.
In a thread on X (formerly Twitter), the tech giant states:
“CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server. Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a confluence administrator account within the application.”
Rated at the maximum CVSS severity score of 10.0, CVE-2023-22515 enables remote threat actors to create unauthorized Confluence administrator accounts and gain access to Confluence servers.
Microsoft’s threat intelligence team has issued updated recommendations, advising organizations that are currently using vulnerable Confluence applications to take action promptly. Specifically, they are encouraged to upgrade to versions 8.3.3, 8.4.3, 8.5.2, or any subsequent releases. For organizations that have not yet performed these essential upgrades, a temporary measure is suggested: isolating their vulnerable Confluence applications until the necessary upgrades can be implemented. This proactive approach aims to mitigate the risks associated with the known vulnerabilities until a more permanent solution can be applied.
More information about the vulnerability is available from Atlassian.