Connect with us

Hi, what are you looking for?



Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. 

Confluence exploitation

Attempts to exploit a critical Atlassian Confluence vulnerability tracked as CVE-2023-22527 started just days after the existence of the flaw came to light.

An advisory published by Atlassian on January 16 informed customers that out-of-date versions of Confluence Data Center and Server are affected by a critical security hole that allows an unauthenticated attacker to achieve remote code execution. 

The company noted that Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5, which no longer receives backported patches, are impacted. 

On Monday, January 22, the non-profit cybersecurity organization The Shadowserver Foundation reported seeing attempts to exploit CVE-2023-22527.

Shadowserver has seen close to 40,000 exploitation attempts coming from roughly 600 unique IP addresses. The activity is mostly “testing callback attempts and ‘whoami’ execution”, which suggests that malicious actors are looking for vulnerable servers that they can compromise and abuse to gain access to victims’ networks. 

The organization pointed out that there are currently 11,000 Confluence instances exposed to the internet, but it’s unclear how many of them are actually vulnerable to attacks exploiting CVE-2023-22527.

The DFIR Report has also seen exploitation attempts for CVE-2023-22527. The company warned about the attacks on January 21. 

Petrus Viet, the researcher who reported the flaw to Atlassian, has confirmed that it cannot be exploited against the latest versions of Confluence. 

Advertisement. Scroll to continue reading.

Technical details for the vulnerability were made public on Monday by ProjectDiscovery.

It’s not uncommon for threat actors to target Confluence vulnerabilities. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes eight Confluence flaws — CVE-2023-22527 has yet to be added.

Related: Atlassian Patches Critical Remote Code Execution Vulnerabilities

Related: Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw

Related: Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.