Confluence Vulnerability Alert | July 2023

There are critical vulnerabilities in Confluence Data Center & Server and Bamboo Data Center. Here's what you need to know.

Background

Confluence issued a security advisory for several vulnerabilities. The flaws, CVE-2023-22505, CVE-2023-22506, and CVE-2023-22508, affect Confluence Data Center & Server and Bamboo Data Center, which are commonly used for collaboration and development. The vulnerabilities allow an unauthenticated attacker to execute code remotely and take control of an affected system. Confluence released security updates, and we recommend that organizations upgrade to the most recent version as soon as possible.

Impact

An attacker could gain unauthenticated access and execute remote code on an affected system. Corvus has observed similar vulnerabilities lead to data theft and extortion as well as ransomware attacks.

Next Steps

We encourage your organization to take the following steps to protect against a potential attack:

  • Update to the most recent version