Ambientia's response to Atlassian Confluence CVE-2023-22515
Incident
Report for Ambientia
Resolved
All immediately required actions were completed at latest during Thursday 2023-10-05.
We continue to closely monitor the situation and are prepared to plan and implement additional actions, if the situation necessitates it.
We continue to closely monitor the situation and are prepared to plan and implement additional actions, if the situation necessitates it.
Monitoring
On 4th of October 2023, Atlassian published a critical security vulnerability with CVSS score of 10. Using this vulnerability, attackers are able to set up new user accounts with privileges of Confluence Administrator. The vulnerability only affects Confluence versions newer than 8.0.0.
We have assessed the Confluence installations under Ambientia's management and have concluded that majority of them are running versions that are not affected by this vulnerability. In the case we've determined an instance of Atlassian Confluence we are managing to be vulnerable, we have applied the mitigation suggested by Atlassian and have checked the instance for known indicators of compromise (e.g. recently created administrative accounts).
We are monitoring the situation actively and are prepared to act on it if such a need arises.
As always, should you have any questions regarding this vulnerability, please get in touch with our Service Desk.
For more information about the vulnerability, please review Atlassian's official security advisory here: https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
We have assessed the Confluence installations under Ambientia's management and have concluded that majority of them are running versions that are not affected by this vulnerability. In the case we've determined an instance of Atlassian Confluence we are managing to be vulnerable, we have applied the mitigation suggested by Atlassian and have checked the instance for known indicators of compromise (e.g. recently created administrative accounts).
We are monitoring the situation actively and are prepared to act on it if such a need arises.
As always, should you have any questions regarding this vulnerability, please get in touch with our Service Desk.
For more information about the vulnerability, please review Atlassian's official security advisory here: https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html