Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defenders had “zero days” to patch the flaw.
The vulnerability has since been issued an ID, CVE-2023-22515, and rated with the highest possible severity, a CVSS score of ten. Atlassian’s October 4 advisory warns that “Publicly accessible Confluence Data Center and Server versions … are at critical risk and require immediate attention.”
Read more…
Source: Malwarebytes Labz