Significant data compromise possible with new Atlassian Confluence bug

A critical vulnerability impacting all internet-exposed Atlassian Confluence Data Center and Server instances could lead to significant data compromise if exploited, prompting Atlassian Chief Information Security Officer Bala Sathiamurthy to urge immediate remediation of the flaw with recently issued patches, reports The Record, a news site by cybersecurity firm Recorded Future. "There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances," said Sathiamurthy in a note that accompanied Atlassian's advisory on the flaw. Meanwhile, organizations that could not immediately patch impacted Confluence implementations have been urged to adopt network access restrictions until the fixes have been applied. The flaw comes weeks after Atlassian issued an advisory noting that the same products were impacted by a critical zero-day bug, tracked as CVE-2023-22515, which has been actively exploited to facilitate unauthorized Confluence admin account creation and Confluence account access.
