A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data Center and Server versions 8.0.0 and later, but then re-classified as an issue stemming from broken access control. Atlassian said on October 5 that multiple customers have reported attacks in which external attackers have used … More
The post Critical Atlassian Confluence vulnerability exploited by state-backed threat actor appeared first on Help Net Security.