Atlassian Warns of Critical Confluence Vulnerability Resulting in Data Loss

 

Just weeks after state-backed hackers targeted its products, Australian software giant Atlassian has warned of a critical security flaw that could result in “significant data loss” for customers. 

The company issued an advisory this week urging clients to patch the vulnerability, which affects on-premises versions of Atlassian Confluence Data Center and Server, a collaborative wiki system widely used by enterprises to manage and share work. Confluence was recently the target of Chinese state-sponsored hackers, who compromised a “handful” of Atlassian customers by exploiting a separate 10.0 maximum-rated vulnerability.

This most recent flaw has been classified as an “improper authorization vulnerability.” It is tracked as CVE-2023-22518 and has received a rating of 9.1 out of 10 on the vulnerability severity scoring system. According to Atlassian, it could result in “significant data loss if exploited by an unauthenticated attacker.”

There is “no impact to confidentiality as an attacker cannot exfiltrate any insta

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
