Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-text-to-speech domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-bookmark-follow domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the soledad domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-paywall domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-frontend-submission domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114
Atlassian warns of new critical Confluence vulnerability threatening data loss – HacksByte

Atlassian warns of new critical Confluence vulnerability threatening data loss

Atlassian has warned of a serious security flaw in Confluence data centers and servers that “could lead to significant data loss if exploited by an unauthenticated attacker.”

Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. This has been described as an example of an “improper authorization vulnerability”.

All versions of Confluence Data Center and Server are vulnerable to the bug, and it has been addressed in the following versions –

  • 7.19.16 or later
  • 8.3.4 or later
  • 8.4.4 or later
  • 8.5.3 or later, and
  • 8.6.1 or later

That said, the Australian company stressed that there is “no impact on privacy as an attacker cannot breach the data in any case.”

No other details are provided about the flaw and the exact method by which an adversary could take advantage of it, presumably due to the fact that doing so could help threat actors plot an exploit.

Atlassian is also urging customers to take immediate action to secure their instances, and is recommending that those with access be disconnected from the public internet until the patch is applied.

Additionally, users who are running a version outside the support window are advised to upgrade to a fixed version. Atlassian Cloud sites are not affected by this issue.

Although there is no evidence of active exploitation in the wild, previously discovered vulnerabilities in the software, including the recently publicized CVE-2023-22515, have been weaponized by threat actors.

Related posts

Security expert turns out to be a scammer, used Apple’s bug to rob the company of $2.5 million

Chinese hackers exploited FortiGate Flaw to break the Dutch Military Network

Hackers are taking advantage of Ivanti VPN flaws to deploy KrustyLoader malware

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More