TLDR: More than 600 IP addresses are launching thousands of exploit attempts against a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, according to non-profit security org Shadowserver. Atlassian disclosed the flaw, a template injection flaw that can allow unauthenticated remote code execution (RCE) attacks, last week. The CVE scored a CVSS rating of 10 out of 10, and it affects Confluence Data Center and Server 8 versions released before December 5, 2023 and versions up to 8.4.5. As of Sunday, more than 11,000 instances remain exposed on the internet, and criminals are pounding them with RCE attempts. In an Xeet on Monday, Shadowserver reported seeing more than 39,000 such attempts since January 19. Atlassian hasn’t updated its CVE-2023-22527 security advisory to indicate any instances of Confluence Server being under active exploitation. Organizations with any external-facing vulnerable Atlassian instances should “assume a breach” and take precautions.
More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527, a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, according to non-profit security org Shadowserver. The flaw is a template injection flaw that can allow unauthenticated remote code execution (RCE) attacks. At the time of disclosure, over 11,000 instances of the vulnerable software were still exposed on the internet. Shadowserver reported seeing over 39,000 RCE attempts since January 19. Organizations are urged to assume a breach and take precautions.