Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Server instances ratchet up risk to enterprises, now reflected in the bug's revised CVSS score of 10.
November 7, 2023 By Becky Bracken
Active ransomware and other cyberattacks against unpatched Atlassian Confluence Data Center and Server technology have driven up the CVSS score of the related vulnerability from its original 9.1 to 10, the most critical rating on the scale.
All versions of Atlassian Confluence Data Center and Server are impacted, according to Atlassian, though cloud instances are not.
The score of the improper authorization flaw, tracked under CVE-2023-22518, has been raised "due to a change in scope of the attack," according to the Atlassian advisory, which added that there have now been observed active exploits against the bug, including ransomware. Researchers at Rapid7 also issued an advisory warning of snowballing attacks starting over the weekend.