Indiscriminate, opportunistic targeting.
Atlassian has released security patches for security flaws tracked as:
- CVE-2023-22505 (CVSSv3 score: 8.0) – RCE (Remote Code Execution) in Confluence Data Centre and Server
- CVE-2023-22508 (CVSSv3 score: 8.5) – RCE (Remote Code Execution) in Confluence Data Centre and Server
- CVE-2023-22506 (CVSSv3 score: 7.5) – Injection, RCE (Remote Code Execution) in Bamboo
- Successful exploitation of CVE-2023-22505 and CVE-2023-22508 allows an authenticated threat actor to execute arbitrary code, with a high impact on the confidentiality, integrity and availability of data.
- Successful exploitation of CVE-2023-22506 allows an authenticated threat actor to modify the actions taken by a system call and execute arbitrary code, with a high impact on the confidentiality, integrity and availability of data.
Atlassian has released security patches for these vulnerabilities. Previous versions are therefore vulnerable to potential exploitation.
- CVE-2023-22505 and CVE-2023-22508:
  - Atlassian Confluence Server
  - Atlassian Data Centre
- CVE-2023-22506:
  - Atlassian Bamboo Data Centre
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected product versions apply the relevant security patches as soon as possible:
- CVE-2023-22505: Remediated in Confluence Server versions 8.3.2 and 8.4.0
- CVE-2023-22508: Remediated in Data Centre versions 7.19.8 and 8.2.0
- CVE-2023-22506: Remediated in Bamboo versions 9.2.3 and 9.3.1
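The fixed releases above are listed per release line, so comparing only against the lowest fixed version gives the wrong answer (Bamboo 9.3.0 is newer than 9.2.3 but older than 9.3.1). The following is an added example, not Atlassian's or this advisory's own code, that triages a constructed inventory against the listed versions. The product labels, host names and the rule that any release not at or above a listed fix counts as unremediated are assumptions; the versions in which each flaw was introduced are not modelled because the advisory does not give them.

```python
import re

# Fixed releases exactly as listed in the advisory above.
# The product keys ("confluence", "bamboo") are labels chosen for this example.
FIXED = {
    "CVE-2023-22505": ("confluence", ["8.3.2", "8.4.0"]),
    "CVE-2023-22508": ("confluence", ["7.19.8", "8.2.0"]),
    "CVE-2023-22506": ("bamboo", ["9.2.3", "9.3.1"]),
}

def parse_version(text):
    """Turn '8.3.2' or '8.4' into a 3-tuple of ints; reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_remediated(installed, fixed_versions):
    """True if installed is at/above the newest fix, or at/above the fix
    that belongs to its own major.minor release line (assumed semantics)."""
    inst = parse_version(installed)
    fixes = sorted(parse_version(f) for f in fixed_versions)
    if inst >= fixes[-1]:
        return True
    return any(inst[:2] == fix[:2] and inst >= fix for fix in fixes)

def unremediated(product, installed):
    """CVEs from the advisory that the given product version does not fix."""
    return [cve for cve, (prod, fixes) in FIXED.items()
            if prod == product.lower() and not is_remediated(installed, fixes)]

def triage(inventory):
    """Map each host to its unremediated CVEs; fully patched hosts are omitted."""
    return {host: cves for host, product, version in inventory
            if (cves := unremediated(product, version))}

# Constructed inventory for illustration; hosts and versions are not from the advisory.
SAMPLE_INVENTORY = [
    ("wiki-01", "confluence", "8.3.1"),
    ("wiki-02", "confluence", "8.4.0"),
    ("wiki-03", "confluence", "8.1.4"),
    ("ci-01", "bamboo", "9.2.5"),
    ("ci-02", "bamboo", "9.3.0"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: patch required for {', '.join(cves)}")
```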
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Atlassian holds a significant share of the team-collaboration market. Threat actors generally weigh probability and asset value when deciding which attack surfaces to focus on, so Atlassian products could emerge as a prime target. Because Atlassian products have become an integral part of business operations, threat actors will continue to exploit vulnerabilities in them in an attempt to exfiltrate the sensitive data they hold.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution