Privilege Escalation Vulnerability in Confluence Data Center and Server (CVE-2023-22515)


Fleury, Terry

Oct 4, 2023, 2:41:06 PM
to cv-an...@trustedci.org

CI Operators:

Atlassian has announced a privilege escalation vulnerability in Confluence Data Center and Server version 8.x [1]. The vulnerability has a CVSSv3 score of 8.5 and is tracked as CVE-2023-22513 [2].


Impact:

Attackers are exploiting a previously unknown vulnerability in Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and gain access to Confluence instances. This is a zero-day vulnerability active in the wild.


Affected Software:

Confluence Data Center and Confluence Server:

  • v8.x < 8.3.3
  • v8.4 < 8.4.3
  • v8.5 < 8.5.2

Note that Atlassian Cloud sites are not affected by this vulnerability.


Recommendation:

Upgrade your instance [3] as soon as possible. Until then, it is recommended to restrict external network access to your Confluence instance. Additionally, you can mitigate attacks by blocking access to the "/setup/*" endpoints on your Confluence instances by modifying "/<confluence-install-dir>/confluence/WEB-INF/web.xml" on each node and adding the following block just before the "</web-app>" tag at the end of the file:


  <security-constraint>
    <web-resource-collection>
      <url-pattern>/setup/*</url-pattern>
      <http-method-omission>*</http-method-omission>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>


After changing the web.xml files, restart Confluence.


References:

[1] https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22513

[3] https://confluence.atlassian.com/doc/upgrading-confluence-4578.html


How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
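An added verification helper for the web.xml mitigation described in the post above (example code, not from Trusted CI or Atlassian): it parses a web.xml, reports whether a deny-all security-constraint for /setup/* is present, and inserts the advisory's block before </web-app> if it is not. The sample web.xml is constructed, and the Java EE namespace on the web-app element is an assumption about the file layout.

```python
import xml.etree.ElementTree as ET

# Constructed minimal web.xml (Java EE namespace assumed) that lacks the mitigation block.
SAMPLE_WEB_XML_UNPATCHED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>example</servlet-name>
    <servlet-class>com.example.Servlet</servlet-class>
  </servlet>
</web-app>
"""

# The block from the advisory, verbatim apart from indentation.
MITIGATION_BLOCK = """  <security-constraint>
    <web-resource-collection>
      <url-pattern>/setup/*</url-pattern>
      <http-method-omission>*</http-method-omission>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
"""

def _local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def setup_endpoints_blocked(web_xml_text):
    """True if a <security-constraint> covers /setup/* for all methods with an empty <auth-constraint/>."""
    root = ET.fromstring(web_xml_text)
    for sc in root:
        if _local(sc.tag) != "security-constraint":
            continue
        patterns = [p.text.strip() for p in sc.iter() if _local(p.tag) == "url-pattern" and p.text]
        # An explicit <http-method> list would leave the other HTTP methods unprotected.
        method_limited = any(_local(e.tag) == "http-method" for e in sc.iter())
        if "/setup/*" not in patterns or method_limited:
            continue
        for auth in sc:
            # No <role-name> children inside <auth-constraint> means nobody is authorized.
            if _local(auth.tag) == "auth-constraint" and not any(_local(c.tag) == "role-name" for c in auth):
                return True
    return False

def add_setup_block(web_xml_text):
    """Return web_xml_text with the mitigation inserted just before </web-app>, unless already present."""
    if setup_endpoints_blocked(web_xml_text):
        return web_xml_text
    idx = web_xml_text.rfind("</web-app>")
    if idx < 0:
        raise ValueError("no closing </web-app> tag found")
    return web_xml_text[:idx] + MITIGATION_BLOCK + web_xml_text[idx:]
```

Run it against each node's web.xml before and after the edit; a constraint that names a role instead of an empty auth-constraint is reported as not blocked, since that only restricts rather than denies access.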
