Urgent: Patch Atlassian Confluence Now – CISA & FBI Advisory

Rohan Timalsina

November 2, 2023 - TuxCare expert team

CISA, FBI, and MS-ISAC are strongly advising network administrators to promptly apply patches to their Atlassian Confluence servers to protect against the active exploitation of a critical security vulnerability.

Identified as CVE-2023-22515, this critical flaw impacts specific versions of Atlassian Confluence Data Center and Server, allowing malicious actors to gain initial access to Confluence instances by creating unauthorized Confluence administrator accounts.

 

Atlassian Confluence Exploited as Zero-day

On October 4, Atlassian released security updates and urged users to immediately upgrade their Confluence instances to one of the patched versions (8.3.3 or later, 8.4.3 or later, or 8.5.2 or later). The urgency of this advice stems from the fact that the vulnerability was already being actively exploited “in the wild” as a zero-day.

Threat actors exploited CVE-2023-22515 as a zero-day to gain access to victim systems, and they continued to exploit it after patches were made available. Atlassian has classified this vulnerability as critical, and CISA, FBI, and MS-ISAC anticipate continued and widespread exploitation because the flaw is easy to exploit.

For those unable to immediately upgrade, the guidance recommended shutting down affected instances or isolating them from internet access. Furthermore, network administrators were encouraged to conduct thorough checks for indicators of compromise, including the identification of new or suspicious administrative user accounts.

One week after CISA added this vulnerability to its list of known exploited vulnerabilities, Microsoft disclosed that a Chinese-backed threat group, known as Storm-0062 (also recognized as DarkShadow or Oro0lxy), had been exploiting this flaw as a zero-day since at least September 14, 2023.
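The upgrade and account-review guidance above can be scripted. The following is an added example, not code from the advisory or from Atlassian: it checks a version string against the fixed releases listed above, one release line at a time, and flags administrator accounts created on or after September 14, 2023 that are not on an approved list. The CSV export format (`username,created`), the function names, and the sample accounts are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED_PATCH = {(8, 3): 3, (8, 4): 3, (8, 5): 2}
# Earliest exploitation date the article attributes to Microsoft's reporting.
EARLIEST_EXPLOITATION = date(2023, 9, 14)


def at_fixed_release(version: str) -> bool:
    """True if `version` is at or above a fixed release the article lists.

    Compared per release line: 8.4.0 sorts after 8.3.3 but is not a fixed
    build. Lines the article does not name return False and need checking
    against Atlassian's advisory.
    """
    parts = [int(p) for p in version.split(".")[:3]]
    major, minor, patch = parts + [0] * (3 - len(parts))
    if (major, minor) in FIXED_PATCH:
        return patch >= FIXED_PATCH[(major, minor)]
    return (major, minor) > (8, 5)  # any later line is "8.5.2 or later"


def suspicious_admins(export_csv: str, approved: set[str]) -> list[str]:
    """Admins created on/after the earliest exploitation date and not approved."""
    flagged = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        created = date.fromisoformat(row["created"])
        name = row["username"].strip().lower()
        if created >= EARLIEST_EXPLOITATION and name not in approved:
            flagged.append(name)
    return flagged


# Constructed sample export (hypothetical format: username,created).
SAMPLE_EXPORT = """username,created
alice.admin,2021-03-02
svc-backup,2023-09-20
Tmp_Admin01,2023-10-05
"""

if __name__ == "__main__":
    for v in ("8.3.2", "8.4.0", "8.5.2", "8.6.0"):
        print(v, "fixed" if at_fixed_release(v) else "NOT confirmed fixed")
    print(suspicious_admins(SAMPLE_EXPORT, approved={"alice.admin", "svc-backup"}))
```

An account flagged here is a lead for review, not proof of compromise; accounts created before the cutoff still deserve a look if nobody can vouch for them.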

 

Conclusion

This warning comes within two weeks of Atlassian releasing security updates to address the threat. It also comes less than a week after Microsoft’s Threat Intelligence unit identified a state-sponsored Chinese advanced persistent threat (APT) group named Storm-0062 (also known as DarkShadow or Oro0lxy) as the source behind a series of ongoing attacks that have been exploiting this highly critical flaw since as early as September 14.

Federal agencies are not only urging organizations to patch Atlassian Confluence but are also encouraging them to proactively seek out signs of malicious activities on their networks. They are providing guidance on how to detect these activities by utilizing the detection signatures and indicators of compromise (IOCs) listed in the advisory.

 

The sources for this article include a story from Security Boulevard.
