Atlassian Confluence Unauthenticated Remote Code Execution

TLP

TLP CLEAR

Author

David Deflache, Sebastien Tricaud

Summary

This week, we share data from another attack being exploited.

Atlassian Confluence faces a critical security threat with an actively exploited unauthenticated remote code execution vulnerability in Confluence Data Center and Server. The injection flaw enables unauthorized users to execute arbitrary code, affecting all versions before the latest fixes. Urgent action is essential to mitigate risks and ensure system security.

This shared network captured highlights indicators of HTTP traffic from attacker requests point of view only.

TIMELINE

DATA

We are providing data for attacks weekly hoping to contribute raising awareness to threats as we believe threats are best understood with their data footprint.

Attlasian-Confluence.pcap_Download

references

https://www.cisa.gov/sites/default/files/2023-10/aa23-289a-threat-actors-exploit-atlassian-confluence-cve-2023-22515-for-initial-access_0.pdf
https://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
https://nvd.nist.gov/vuln/detail/CVE-2023-22515