Atlassian has urged immediate patching of a critical vulnerability impacting all Confluence Data Center and Confluence Server versions, tracked as CVE-2023-22518, following the emergence of a public exploit that could be exploited to facilitate data wiping attacks, reports BleepingComputer.
"There are still no reports of an active exploit, though customers must take immediate action to protect their instances. If you already applied the patch, no further action is required," said Atlassian in an advisory that comes days after Chief Information Security Officer Bala Sathiamurthy warned of potentially significant data loss from attacks leveraging the bug.
Organizations that could not promptly apply issued patches have been advised to restrict access to specific endpoints and restart vulnerable instances.
"These mitigation actions are limited and not a replacement for patching your instance; you must patch as soon as possible," added Atlassian.
Such a development follows a federal advisory urging remediation of the actively exploited Confluence privilege escalation bug, tracked as CVE-2023-22515.