Atlassian cranks up the threat meter to max for Confluence authorization flaw

Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. The company overhauled its security advisory for CVE-2023-22518 after it realized there had been a "change in the scope of the attack" on Monday …

  1. Michael Hoffmann Silver badge
    Facepalm

    Humble question to those affected or at risk

    Why is your Confluence server internet-facing?

    1. Anonymous Coward

      Re: Humble question to those affected or at risk

      Worth noting that they're trying to push people away from on-prem, at which point any Confluence server will be public facing.

      Maybe it's just me but somehow that doesn't strike me as a great track record..

    2. FILE_ID.DIZ
      Pirate

      Re: Humble question to those affected or at risk

      Because sometimes people with no other skill than a company credit card and authorization to use it, think they can solve a problem without considering what it is that they're doing.

    3. werdsmith Silver badge

      Re: Humble question to those affected or at risk

      Why is your Confluence server internet-facing?

      I know it's not just me, but why do people even use Confluence? We have it and Jira in our organisation and I just point blank refuse to touch it.

    4. Zolko Silver badge

      Re: Humble question to those affected or at risk

      Why is your Confluence server internet-facing ?

      because that's the very purpose of it !

    5. bazza Silver badge

      Re: Humble question to those affected or at risk

      Public facing or not is irrelevant. In any org you're as worried about insiders as anyone else.

      Insider can mean customers too, if you're developing software under contract and following an Agile dev cycle using Jira / Confluence for the customer engagement.

    6. CowHorseFrog Silver badge

      Re: Humble question to those affected or at risk

      why is anybody continuing to use Atlassian products after yet another vulnerability ?

  2. Anonymous Coward

    What a happy coincidence for Atlassian

    .. who is busy forcing people into their Cloudy stuff.

    No, no, I did say it was a coincidence. I'm not implying anything.

    At least not in a legally actionable way.

    1. Zolko Silver badge

      Re: What a happy coincidence for Atlassian

      happy coincidence ? In times when they hike the price of Jira by 100% (or so), this is catastrophic : who will want to touch another of their products ?

  3. -tim
    Facepalm

    but, but, but it is all fine!

    But they are so good!!!!

    We have the option of using our in house or their cloud stuff. They don't know security.

    Hell, I caused one of their top unicorn programmers to have a meltdown on a train after some hard questioning.

    I lock their stuff back behind way too much such while I'm trying to get the boss (and stockholder of Atlasicrap) to get something else.
