Atlassian has alerted administrators that a public exploit is available for a significant security weakness in Confluence. The exploit can be used in attacks aimed at destroying data on unpatched, Internet-exposed instances. “As part of Atlassian’s ongoing monitoring of this CVE, we observed publicly posted critical information about the vulnerability which increases risk of exploitation,” the company stated.
The authentication bypass vulnerability, tracked as CVE-2023-22518, affects all versions of Confluence Data Center and Confluence Server and has a severity rating of 9.1 out of 10. In an update to its initial advisory, Atlassian stated that it has discovered a publicly available exploit that poses a serious risk to publicly exposed instances.