THREAT ALERT
Thursday, November 2nd, 2023
A vulnerability was recently discovered in Confluence Server and Data Center and is being tracked as CVE-2023-22518. At the time of this writing, this vulnerability is NOT known to have been exploited; however, Atlassian is recommending that those impacted take immediate action. The information below was taken directly from the Atlassian FAQ page for CVE-2023-22518, and the page was last updated on November 1, 2023.
Is my Confluence instance affected?
** Confluence 8.6.0 is a Data Center only release and doesn’t support Server licenses. If you upgrade to version 8.6 or later, please ensure you have a valid Data Center license.
Are Cloud instances affected?
My instance isn’t exposed to the Internet. Is a patch still recommended?
My instance is NOT connected to the internet; what should I do? Am I safe?
Does patching to a fixed version completely solve the issue?
I am running an affected version of Confluence. How can I mitigate the threat until I patch it?
Are other Atlassian products affected by this vulnerability?
Last modified on Nov 1, 2023
DefenseStorm Recommendations:
If you are impacted, regularly check the Atlassian FAQ for CVE-2023-22518 page to stay up to date on the latest patching instructions and guidance.
References:
[https[:]//confluence.atlassian[.]com/kb/faq-for-cve-2023-22518-1311474094[.]html]