Active Exploitation of Critical Confluence RCE with 40,000 Attacks in a Span of 3 Days

Within just three days of its public disclosure, malicious actors began actively exploiting a critical security vulnerability affecting Atlassian Confluence Data Center and Confluence Server.

Identified as CVE-2023-22527 with a CVSS score of 10.0, this flaw impacts outdated versions of the software, allowing unauthenticated attackers to achieve remote code execution on vulnerable installations.

The vulnerability is present in Confluence Data Center and Server 8 versions released before December 5, 2023, including version 8.4.5.

Since the public disclosure, an alarming number of exploitation attempts, nearly 40,000, have been documented in the wild. These attempts, originating from over 600 unique IP addresses, were observed as early as January 19, as reported by both the Shadowserver Foundation and the DFIR Report.

The current activity primarily involves "testing callback attempts and 'whoami' execution," indicating that threat actors are actively scanning for susceptible servers with the intention of subsequent exploitation.