Security News > 2023 > October > Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)
2023-10-05 10:01

Atlassian has fixed a critical zero-day vulnerability in Confluence Data Center and Server that is being exploited in the wild.

"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," the company said.

Atlassian describes CVE-2023-22515 as a critical privilege escalation vulnerability, and has confirmed that it affects Confluence Data Center and Server versions 8.0.0 and later.

"Instances on the public internet are particularly at risk, as this vulnerability is exploitable anonymously. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue," the company stated.

"Atlassian's advisory implies that the vulnerability is remotely exploitable, which is typically more consistent with an authentication bypass or remote code execution chain than a privilege escalation issue by itself. It's possible that the vulnerability could allow a regular user account to elevate to admin - notably, Confluence allows for new user sign-ups with no approval, but this feature is disabled by default," she noted.

Among them is CVE-2021-26084 in Atlassian Confluence Server, which has been patched two years ago but is still being exploited by attackers.


News URL

https://www.helpnetsecurity.com/2023/10/05/cve-2023-22515/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-22515 Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
network
low complexity
atlassian
critical
9.8
2021-08-30 CVE-2021-26084 Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-917
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412