Threat Advisories

Atlassian Confluence Zero-Day Actively Exploited in the Wild

October 6, 2023

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

A critical zero-day flaw, identified as CVE-2023-22515, affecting Confluence Data Center and Server instances is being actively exploited. This remotely exploitable vulnerability enables external attackers to create unauthorized Confluence administrator accounts and gain access to Confluence servers.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc

BunnyLoader: The New Malware-as-a-Service Threat