A vulnerability in Atlassian's Confluence Data and Server is being widely exploited, leading to ransomware deployment and the establishment of Server-Side Request Forgery (SSRF) attacks. The vulnerability, initially rated 9.1, was elevated to 10 due to active exploitation, and a persistent backdoor called Effluence has been found in compromised Confluence servers, allowing access to resources and data even after patches. Marten Mickos stated that remediated vulnerabilities cannot be exploited.
Remediated vulnerabilities cannot be exploited.
Initially given a critical CVSS v3 rating of 9.1, a vulnerability in @Atlassian Confluence tracked as CVE-2023-22518 was elevated to 10 after reports of active exploitation. #cybersecurity #infosec #ITsecurity https://t.co/hl6MQE7pD1
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers: https://t.co/8Z8iDpgDxO by The Hacker News #infosec #cybersecurity #technology #news
🔒 Researchers found a persistent backdoor called Effluence in compromised Atlassian Confluence servers. This allows attackers to access resources and data, even after patches. Learn more: https://t.co/JH1z2gc4H0 #cybersecurity #hacking
We have proactively protected against a vulnerability in the Sentry SDK, which made it possible to exploit Sentry's Tunnel feature to establish Server-Side Request Forgery (SSRF) attacks. https://t.co/J7A9aM1aNh
A #vulnerability discovered in Atlassian's #Confluence Data and Server is facing widespread #exploitation, including #ransomware deployment. https://t.co/BNU1G7uETU