CERT-FR Advisory: Vulnerability Identified in Atlassian Confluence

The French Government Cybersecurity Agency (CERT-FR) has issued an advisory regarding a critical vulnerability found in Atlassian Confluence, a collaborative content management system.

Vulnerability Summary: A security flaw has been identified in versions 8.0.x to 8.5.2 of Confluence Data Center and Confluence Server. It exposes affected systems to privilege escalation and security policy circumvention. Exploitation of this flaw has been reported on Confluence instances accessible from the Internet.

Affected Systems:

  • Confluence Data Center and Confluence Server versions 8.0.x to 8.3.x (prior to 8.3.3)
  • Confluence Data Center and Confluence Server versions 8.4.x (prior to 8.4.3)
  • Confluence Data Center and Confluence Server versions 8.5.x (prior to 8.5.2)
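The affected ranges above can be checked against an inventory of Confluence version strings. The following is an added example, not part of the CERT-FR advisory or the vendor's tooling; the inventory, hostnames and status labels are constructed for illustration, and how the version strings are collected is left to the reader's asset inventory.

```python
import re

# Fixed release for each affected release line, taken from the advisory's
# "Affected Systems" list: 8.0.x-8.3.x -> 8.3.3, 8.4.x -> 8.4.3, 8.5.x -> 8.5.2.
FIXED_IN = {
    (8, 0): (8, 3, 3), (8, 1): (8, 3, 3), (8, 2): (8, 3, 3), (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),
}
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch), or None when no version can be read."""
    match = VERSION_RE.match(text or "")
    if not match:
        return None
    major, minor, patch = match.groups()
    # Assumption: a missing patch level ("8.5") is treated as .0, the cautious reading.
    return int(major), int(minor), int(patch or 0)


def classify(version_text):
    """Classify one version string against the advisory's ranges."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"          # needs a manual check
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "not-listed"       # release line not named in the advisory
    return "affected" if version < fixed else "patched"


def triage(inventory):
    """Return hostnames whose version is affected or could not be determined."""
    return sorted(h for h, v in inventory.items()
                  if classify(v) in ("affected", "unknown"))


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "wiki-a.example.internal": "8.3.2",
    "wiki-b.example.internal": "8.4.3",
    "wiki-c.example.internal": "8.5.1",
    "wiki-d.example.internal": "7.19.16",
    "wiki-e.example.internal": "n/a",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(host, INVENTORY[host], classify(INVENTORY[host]))
```

A "not-listed" result only means the release line is not named in this advisory; the vendor's security bulletin remains the authority for versions outside the ranges above.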

Recommended Solution: Affected users are advised to apply patches provided by the vendor. Details on these patches are available in the vendor’s security bulletin.

References and Documentation: Vendor’s Security Bulletin dated October 4, 2023 (No direct link provided)

CVE Reference: CVE-2023-22515

Users are strongly encouraged to follow the security guidelines issued by the vendor to safeguard their systems against potential exploitation of this vulnerability.