Atlassian Confluence Data Center and Server [CVE-2023-22515]

Certain versions of Atlassian Confluence Data Center and Server have a zero-day vulnerability [CVE-2023-22515]. Successful exploitation allows malicious cyber threat actors to create a new administrator account on the target Confluence server, which can lead to a total loss of integrity and confidentiality of the data held in the server.

Severity

• Rated as critical by Atlassian. Atlassian Confluence has a large market share, further increasing this vulnerability’s notoriety.
• CISA, FBI, and MS-ISAC expect widespread, continued exploitation due to ease of exploitation.
• Rated as CRITICAL by the National Vulnerability Database (NVD) since it enables the creation of unauthorized administrator accounts.

What To Do

Search for Exposure

• Look for prior exposure to the following Confluence vulnerabilities:
  • CVE-2019-3398
  • CVE-2019-3396
  • CVE-2022-26134
  • CVE-2021-26084
• Look for “confirmed exposure” with:

  • CM App: Vulnerability Detection for Your Portfolio

  • Insurance App: Vulnerability Detection for Your Clients

  • SPM App: Vulnerability Detection Report

Security Update

Refer to the instructions provided by Atlassian to update your environment.

Resources

• Atlassian, “CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server”
• GitHub, Inc. “CVE-2023-22515 Exploit Script”
• NIST, “NVD CVE-2023-22515 Detail”
• Rapid7, “Technical Analysis”