Fortra’s Alert Logic is actively researching a vulnerability in Atlassian Confluence Data Center and Server. This vulnerability, CVE-2023-22518, could allow an unauthenticated attacker to restore the database of a Confluence instance, leading to significant loss of data.
Atlassian has released patches for this vulnerability, as well as temporary mitigations.
Who is affected?
All versions of Confluence Data Center and Server are affected.
What can I do?
Atlassian has released patches to mitigate this vulnerability and recommends patching each of your affected installations to one of the following fixed versions:
- 7.19.16 or later
- 8.3.4 or later
- 8.4.4 or later
- 8.5.3 or later
- 8.6.1 or later
If you are unable to patch your installations immediately, Atlassian has recommended mitigation steps in their security update.
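To triage an inventory against the fixed versions listed above, the following added example (not Atlassian's or Alert Logic's code) classifies installed Confluence versions. It assumes each "or later" applies within its own major.minor release line and that release lines newer than 8.6 already contain the fix; the host names and sample inventory are constructed.

```python
# Added example: classify Confluence versions against the fixed releases listed above.
# Assumption: each "or later" applies within its own major.minor release line, and
# any release line newer than the highest listed one already contains the fix.

FIXED = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}  # from the advisory
NEWEST_LINE = max(FIXED)


def parse_version(text):
    """Parse 'major.minor[.patch]' (missing patch counts as 0); drop any '-suffix'."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return tuple(nums)


def classify(text):
    """Return 'fixed', 'vulnerable' or 'vulnerable-no-fix-in-line' for one version."""
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line > NEWEST_LINE:
        return "fixed"
    if line in FIXED:
        return "fixed" if patch >= FIXED[line] else "vulnerable"
    # Release lines without a listed fix (for example 8.0 to 8.2) need an upgrade
    # to a different release line, not just a patch bump.
    return "vulnerable-no-fix-in-line"


def audit(inventory):
    """Map each host to its classification; unparsable versions are flagged for review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown-version"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"wiki-a": "7.19.16", "wiki-b": "8.4.3", "wiki-c": "8.2.0", "wiki-d": "8.7.1"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

A plain "greater than or equal to 7.19.16" comparison would wrongly report releases such as 8.2.0 or 8.4.3 as patched, which is why the check is done per release line.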
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.