Certain versions of Atlassian Confluence Data Center and Server contain a zero-day vulnerability, CVE-2023-22515. Successful exploitation allows malicious cyber threat actors to create a new administrator account on the target Confluence server, which can lead to a total loss of integrity and confidentiality of the data held on the server.
Severity
- Rated as critical by Atlassian. Atlassian Confluence has a large market share, further increasing this vulnerability’s notoriety.
- CISA, FBI, and MS-ISAC expect widespread, continued exploitation due to ease of exploitation.
- Rated as CRITICAL by the National Vulnerability Database (NVD) since it enables the creation of unauthorized administrator accounts.
What To Do
Search for Exposure
- Look for prior exposure to the following Confluence vulnerabilities:
  - CVE-2019-3398
  - CVE-2019-3396
  - CVE-2022-26134
  - CVE-2021-26084
- Look for “confirmed exposure” with:
  - Insurance App: Vulnerability Detection for Your Clients
  - SPM App: Vulnerability Detection Report
Security Update
Refer to the instructions provided by Atlassian to update your environment.
Resources
- Atlassian, “CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server”
- GitHub, Inc., “CVE-2023-22515 Exploit Script”
- NIST, “NVD CVE-2023-22515 Detail”
- Rapid7, “Technical Analysis”
- October 23, 2023: Updated advisory.
- October 18, 2023: Published.