A critical zero-day vulnerability identified as CVE-2023-22515 has emerged, affecting on-premises installations of Confluence Server and Data Center.
This vulnerability poses a significant risk as it could potentially allow malicious actors to escalate their privileges within the system, leading to unauthorized access and control. In this post, we delve into what CVE-2023-22515 is, its impact, its exploitation in the wild, and the steps you can take to secure your Confluence instances from this threat.
What is CVE-2023-22515?
CVE-2023-22515 is a critical vulnerability discovered in on-premises instances of Confluence Server and Confluence Data Center, which could allow attackers to escalate privileges by exploiting broken access control flaws, potentially enabling unauthorized administrator account creation [1].
Does it affect me?
If you are using versions 8.0.0 through 8.5.1 of Confluence Server or Data Center, you are affected. However, versions prior to 8.0.0 and Atlassian Cloud sites are not impacted. More information is available in Atlassian’s advisory on this vulnerability.
Has CVE-2023-22515 been actively exploited in the wild?
Yes, there have been reports of exploitation where attackers created unauthorized administrator accounts on vulnerable Confluence instances. This vulnerability has been exploited in user environments [1].
Fixing CVE-2023-22515
To mitigate this issue, it is advised to update to a fixed version: 8.3.3, 8.4.3, or 8.5.2 (Long Term Support release) or later. Additionally, restricting external network access and blocking access to the /setup/* endpoints on Confluence instances are recommended until the system is updated.
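Two checks a defender can script from the mitigation above: whether a deployed version falls in the affected range (8.0.0 through 8.5.1, fixed in 8.3.3, 8.4.3 and 8.5.2), and whether the reverse-proxy access log shows requests to /setup/* arriving from outside the network. This is an added example, not code from the original post or from Atlassian; the internal address ranges, the log format and the log lines (including the /setup/ path names) are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# First fixed patch level per affected branch, from the advisory. Branches 8.0 to 8.2
# have no fixed release, so every patch level on them is affected.
FIXED_PATCH = {(8, 3): 3, (8, 4): 3, (8, 5): 2}

def parse_version(version: str) -> tuple:
    """'8.5.1' -> (8, 5, 1); missing components are padded with zeros."""
    return (tuple(int(p) for p in version.split(".")) + (0, 0, 0))[:3]

def is_affected(version: str) -> bool:
    """True if this Confluence Server/Data Center version is in the vulnerable range."""
    major, minor, patch = parse_version(version)
    if (major, minor) < (8, 0) or (major, minor) > (8, 5):
        return False  # pre-8.0.0 and 8.6+ are outside the affected range
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is None or patch < fixed

# Assumed internal ranges from which setup traffic could be legitimate (constructed).
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Combined log format: client ip, identity, user, [timestamp], "METHOD PATH PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')

def flag_setup_requests(lines):
    """Return (ip, method, path, status) for /setup/* requests from outside INTERNAL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        external = not any(ip_address(ip) in net for net in INTERNAL)
        if path.startswith("/setup/") and external:
            hits.append((ip, method, path, int(status)))
    return hits

# Constructed sample log lines, not real traffic; path names are placeholders.
SAMPLE_LOG = [
    '10.0.1.5 - - [05/Oct/2023:10:00:01 +0000] "GET /login.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Oct/2023:10:00:02 +0000] "GET /setup/step-a.action HTTP/1.1" 200 3311',
    '203.0.113.7 - - [05/Oct/2023:10:00:03 +0000] "POST /setup/step-b.action HTTP/1.1" 302 0',
    '192.168.4.2 - - [05/Oct/2023:10:00:04 +0000] "GET /setup/step-a.action HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print("8.5.1 affected:", is_affected("8.5.1"), "| 8.5.2 affected:", is_affected("8.5.2"))
    for hit in flag_setup_requests(SAMPLE_LOG):
        print("external /setup/ request:", hit)
```

Any hit from the log check on a version still reported as affected is worth treating as a potential unauthorized administrator creation and reviewing the user directory for new admin accounts.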
Next steps
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: