Sunday, February 23, 2025

Atlassian Confluence RCE flaw being exploited by hackers

Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers.

Atlassian disclosed the security issue last week and noted that it affects only Confluence versions released before December 5, 2023, including some out-of-support releases.

The flaw has a critical severity rating and is described as a template injection weakness that allows unauthenticated remote attackers to execute code on vulnerable Confluence Data Center and Confluence Server endpoints, versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3.

A fix is available for Confluence Data Center and Server versions 8.5.4 (LTS), 8.6.0 (Data Center only), and 8.7.1 (Data Center only), and later versions.

Threat monitoring service Shadowserver reports today that its systems recorded thousands of attempts to exploit CVE-2023-22527, the attacks originating from a little over 600 unique IP addresses.


The service says that attackers are trying out callbacks by executing the 'whoami' command to gather information about the level of access and privileges on the system.

The total number of exploitation attempts logged by The Shadowserver Foundation is above 39,000, most of the attacks coming from Russian IP addresses.

Shadowserver reports that its scanners currently detect 11,100 Atlassian Confluence instances accessible over the public internet. However, not all of those necessarily run a vulnerable version.

Figure: Attack surface. Over 11,000 exposed Confluence servers (Shadowserver)

Atlassian Confluence vulnerabilities are frequently exploited by various types of attackers, including sophisticated state-sponsored threat actors and opportunistic ransomware groups.

Regarding CVE-2023-22527, Atlassian has previously said it was unable to provide specific indicators of compromise (IoCs) that would aid in detecting cases of exploitation.

Confluence server administrators should make sure that the endpoints they manage have been updated at least to a version released after December 5, 2023.

For organizations with outdated Confluence instances, the advice is to treat them as potentially compromised, look for signs of exploitation, perform a thorough cleanup, and update to a safe version.
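
For administrators triaging an inventory against the version ranges stated above, the following is an added example (not from Atlassian or the original article) that sorts instances into affected, fixed, or unknown. The host names, the `INVENTORY` data and the function names are constructed for illustration, and anything the article does not cover, such as the unlisted out-of-support releases, is reported as unknown rather than guessed.

```python
import re

# Constructed sample inventory: host -> Confluence version string as reported.
INVENTORY = {
    "wiki-a.example.internal": "8.5.3",
    "wiki-b.example.internal": "8.5.4",
    "wiki-c.example.internal": "8.3.2",
    "wiki-d.example.internal": "7.19.16",
    "wiki-e.example.internal": "8.5",
    "wiki-f.example.internal": "8.7.1",
}

def parse_version(text):
    """Parse '8.5.3' or '8.4' into (major, minor, patch); patch is None if absent."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)

def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' using only the ranges in the article."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    major, minor, patch = parsed
    if (major, minor) < (8, 0):
        # The article mentions affected out-of-support releases but does not list them.
        return "unknown"
    if (major, minor) <= (8, 4):
        return "affected"  # 8.0.x through 8.4.x, any patch level
    if (major, minor) == (8, 5):
        if patch is None:
            return "unknown"  # 8.5.0-8.5.3 affected, 8.5.4 and later fixed
        return "affected" if patch <= 3 else "fixed"
    if (major, minor) == (8, 7) and (patch is None or patch < 1):
        return "unknown"  # the article names 8.7.1 as the fixed 8.7 release
    return "fixed"  # 8.6.0, 8.7.1 and later versions

def triage(inventory):
    """Return (host, version, status) rows, affected first, then unknown, then fixed."""
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

if __name__ == "__main__":
    for host, ver, status in triage(INVENTORY):
        print(f"{status:9} {ver:8} {host}")
```

Instances reported as affected fall under the advice above to treat them as potentially compromised; unknown results need a check against the vendor advisory.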
