QID 150745

Date Published: 2023-11-07

QID 150745: Atlassian Confluence Server and Data Center Broken Access Control Vulnerability (CVE-2023-22515) (Exploitation Check)

Confluence is team collaboration software written in Java and used mainly in corporate environments. It is developed and marketed by Atlassian.

Multiple versions of Atlassian Confluence are affected by a broken access control vulnerability.

Affected versions:
Confluence versions 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.3, 8.1.4, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.5.0, 8.5.1

QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to the "server-info.action" endpoint with a specially crafted payload that alters the Confluence application configuration, and subsequently verifies whether the administrator endpoint has become accessible.

Successful exploitation of this vulnerability could allow an attacker to create administrator accounts that can then be used to access the Confluence instance.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.

Solution

Atlassian has released a fix to address this issue. Customers are advised to upgrade to version 8.3.3, 8.4.3, 8.5.2 or later to remediate this vulnerability. For more information, please refer to the Atlassian Security Advisory.

CVEs related to QID 150745
CVE-2023-22515

Software Advisories
Advisory ID                  Software Component   Link
Atlassian Security Advisory  Confluence           confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html