There are critical vulnerabilities in Confluence Data Center & Server and Bamboo Data Center. Here's what you need to know.
Confluence issued a security advisory for several vulnerabilities. The flaws, CVE-2023-22505, CVE-2023-22506, CVE-2023-22508, affect Confluence Data Center & Server and Bamboo Data Center commonly used for collaboration and development. The vulnerabilities allow an unauthenticated attacker to execute remote code and take control of an affected system. Confluence released security updates, and we recommend organizations upgrade to the most recent version as soon as possible.
An attacker could gain unauthenticated access and execute remote code on an affected system. Corvus has observed similar vulnerabilities lead to data theft and extortion as well as ransomware attacks.
We encourage your organization to take the following steps to mitigate against potential attack:
- Update to the most recent version.