The alerts we observed occurred between 10:08:34 and 23:05:35 UTC.

Observed attacker behavior

Beginning November 5, 2023, Rapid7 MDR began responding to exploitation of Confluence Server within various customer environments. MDR has also observed attempts to exploit CVE-2023-22515, a critical broken access control vulnerability in Confluence that came to light on October 4.

Atlassian updated their advisory for CVE-2023-22518 on November 3 to note that exploitation of the vulnerability had been reported to them by a customer. Atlassian published an advisory for the vulnerability on October 31, 2023. We have confirmed that at least some of the exploits are targeting CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server. Daniel Lydon and Conor Quinn contributed attacker behavior insights to this blog.

As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment.