All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to a Confluence instance administrator, leading to - but not limited to - full loss of confidentiality, integrity and availability.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
Link | Resource
---|---
http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry
https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907 | Issue Tracking, Mitigation, Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-93142 | Issue Tracking, Mitigation, Vendor Advisory
History
17 Jun 2024, 13:28
Type | Values Removed | Values Added
---|---|---
References | | http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
19 Dec 2023, 16:15
Type | Values Removed | Values Added
---|---|---
References | |
08 Nov 2023, 18:49
Type | Values Removed | Values Added
---|---|---
CPE | | cpe:2.3:a:atlassian:confluence_data_center:8.6.0:*:*:*:*:*:*:* ; cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* ; cpe:2.3:a:atlassian:confluence_server:8.6.0:*:*:*:*:*:*:* ; cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
First Time | | Atlassian confluence Server ; Atlassian ; Atlassian confluence Data Center
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8
CWE | | CWE-863
References | | (MISC) https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907 - Issue Tracking, Mitigation, Vendor Advisory
References | | (MISC) https://jira.atlassian.com/browse/CONFSERVER-93142 - Issue Tracking, Mitigation, Vendor Advisory
07 Nov 2023, 04:07
Type | Values Removed | Values Added
---|---|---
Summary | | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References | |
06 Nov 2023, 20:15
Type | Values Removed | Values Added
---|---|---
References | |
31 Oct 2023, 15:35
Type | Values Removed | Values Added
---|---|---
New CVE | |
Information
Published : 2023-10-31 15:15
Updated : 2024-06-17 13:28
NVD link : CVE-2023-22518
Mitre link : CVE-2023-22518
CVE.ORG link : CVE-2023-22518
Products Affected
atlassian
- confluence_data_center
- confluence_server
CWE
CWE-863
Incorrect Authorization