Atlassian Confluence RCE Flaw: 40,000+ Attacks in 3 Days

A security vulnerability, CVE-2023-22527, was found in Confluence Data Center, and it caused serious chaos when over 40,000 attacks were reported in just 3 days as hackers tried to exploit the Atlassian Confluence RCE flaw. Taking the world by storm, this hack must have set some record.

About Atlassian Confluence RCE Flaw:

The Atlassian Confluence RCE flaw (CVE-2023-22527) is a template injection vulnerability. Attackers can use this flaw to execute malicious code remotely, potentially installing malware and maybe stealing confidential data. CVE-2023-22527 has received a 10 out of 10 CVSS rating.

40,000+ Attacks in 3 Days

On Jan 19th, 2024, Atlassian released a security patch, disclosing details about a security vulnerability discovered in Confluence Data Center. However, things turned sideways: from Jan 19 to Jan 21, over 40,000 attack attempts targeting CVE-2023-22527 were detected.

The scale of these attacks is clear from the fact that over 600 unique IP addresses were detected trying to exploit the Atlassian Confluence RCE flaw. The attacks originated from various countries including Russia, Singapore, Hong Kong, and so on.

Outdated versions of Confluence Data Center software are affected by CVE-2023-22527. The issue allows unauthorized attackers to execute malicious code on the software remotely. The bug affected Confluence 8.4.5 as well as Data Center and Server 8 versions that were released before December 5, 2023.

According to the latest reports, by January 21, 2024, more than 11,000 Atlassian instances were found to be accessible online. However, how many of them are actually vulnerable to CVE-2023-22527 remains unknown.

ProjectDiscovery researchers Rahul Maini and Harsh Jaiswal conducted technical research on the vulnerability. Their analysis states that CVE-2023-22527 is a severe vulnerability within Atlassian’s Confluence Server and Data Center.

Because of the Atlassian Confluence RCE flaw, unauthorized attackers may inject OGNL expressions into the Confluence instance and execute arbitrary code and system commands.

So if you are using Confluence Data Center software, you should keep an eye on your Confluence systems. If you notice any suspicious activity in the software, you must report any suspected incidents to Atlassian.
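
One way to keep an eye on a Confluence front end for the OGNL injection attempts described above, as an added example that is not from the original article or from Atlassian. It assumes a log source that records request bodies (for example a WAF or reverse proxy); the marker list is a generic heuristic, and the records, paths and IP addresses are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Generic OGNL-injection tokens (a heuristic chosen for this example,
# not a published signature for CVE-2023-22527).
OGNL_MARKERS = re.compile(
    r"#_memberAccess|#context\b|#request\b|#parameters\b|"
    r"@java\.lang\.|\bognl\.|getRuntime|ProcessBuilder",
    re.IGNORECASE,
)
UNICODE_ESC = re.compile(r"\\u([0-9a-fA-F]{4})")


def normalize(text, max_rounds=3):
    """Undo layered URL encoding and \\uXXXX escapes that can hide markers."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        decoded = UNICODE_ESC.sub(lambda m: chr(int(m.group(1), 16)), decoded)
        if decoded == text:
            break
        text = decoded
    return text


def triage(records):
    """Count suspicious requests per day and per source IP.

    records: iterable of (date, source_ip, path_and_query, body) tuples.
    """
    per_day, per_ip = Counter(), Counter()
    for date, ip, path, body in records:
        if OGNL_MARKERS.search(normalize(f"{path} {body}")):
            per_day[date] += 1
            per_ip[ip] += 1
    return per_day, per_ip


# Constructed sample records: documentation IP ranges, placeholder paths,
# harmless expression fragments.
SAMPLE = [
    ("2024-01-19", "203.0.113.7", "/placeholder.action", "field=%2523context.get(1)"),
    ("2024-01-20", "203.0.113.7", "/placeholder.action", r"field=\u0023request.x"),
    ("2024-01-20", "198.51.100.9", "/placeholder.action?x=%40java.lang.Math%40max(1,2)", ""),
    ("2024-01-21", "192.0.2.44", "/display/DOCS/Home?title=Issue%20%2342", ""),
]

if __name__ == "__main__":
    days, ips = triage(SAMPLE)
    print(dict(days), "unique source IPs:", len(ips))
```

The per-day and per-IP counts mirror the figures the article reports (attempts over a three-day window and unique source addresses), so the same tallies can be compared against your own traffic.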
