Atlassian has advised all Confluence Data Center and Server customers to patch a critical vulnerability identified as an improper authorization bug (CVE-2023-22518) that could lead to significant data loss if exploited by an attacker. There have been no reports of active exploitation so far, and the bug doesn’t impact data confidentiality. The company has already released new versions of Confluence Data Center and Server to address the defect.
Software company lacked ‘downstream’ liability for data breach
Eric T. Berkman reports: A software company could not face “downstream” liability for a data breach that resulted in an end-user having to settle a
