US authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation.
The joint cybersecurity advisory from CISA, FBI, and Multi-State Information Sharing and Analysis Center (MS-ISAC) comes after the October 4 disclosure of CVE-2023-22515, which was assigned a CVSS score of 10 by Atlassian.
Given that the potential consequences of a successful exploit could lead attackers to create new admin accounts for themselves, and the sophistication of the attackers already attempting exploits, the organizations expressed a strong degree of immediacy in their update.
