CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a warning regarding a recent Atlassian Confluence Data Center and Server zero-day. A nation-state threat actor exploited the zero-day on September 14, two weeks before Atlassian patched the vulnerability.
The advisory explained that cyber actors were able to obtain initial access and create unauthorized Confluence admin accounts. The vulnerability also enabled threat actors to modify server configuration settings and carry out further malicious actions. CISA discovered publicly available proof-of-concept exploit code, which indicates that multiple threat actors have likely begun exploiting the vulnerability. The vulnerability impacts Confluence Data Center and Server versions 8.0.0 to 8.5.1. Customers should immediately update to version 8.3.3, 8.4.3, or 8.5.2.