Tech Stack: Atlassian Confluence Data Center and Server
Date(s) Issued: Published: 10/31/2023; Last Modified: 11/20/2024
Criticality: CVSS v3 Score: 10.0 – CRITICAL
Overview: CVE-2023-22518 is a critical improper authorization vulnerability affecting all versions of Atlassian Confluence Data Center and Server. This flaw allows an unauthenticated attacker to reset the Confluence instance and create an administrator account, granting full administrative privileges. Exploitation can lead to a complete loss of confidentiality, integrity, and availability of the Confluence instance. Notably, Atlassian Cloud sites accessed via an atlassian.net domain are not affected by this vulnerability.
NIST National Vulnerability Database
Solution/Mitigation:
- Upgrade:
  - Confluence Version: Upgrade to one of the fixed versions that address this vulnerability:
    - 7.19.16 or later
    - 8.3.4 or later
    - 8.4.4 or later
    - 8.5.3 or later
    - 8.6.1 or later (Data Center only)
  - Ensure you download the latest version from the Atlassian download center.
- Alternative Measures:
  - Restrict Network Access: If immediate upgrading is not feasible, remove your Confluence instance from the internet to prevent unauthorized access.
  - Block Vulnerable Endpoints: Apply interim measures by blocking access to the following endpoints:
    - /json/setup-restore.action
    - /json/setup-restore-local.action
    - /json/setup-restore-progress.action
  - This can be achieved by modifying the web.xml configuration file in your Confluence installation directory to include security constraints for these endpoints, followed by a restart of the Confluence service.
- Backup and Monitoring:
  - Backup Data: Perform a complete backup of your Confluence instance to secure your data before making any changes.
  - Monitor for Indicators of Compromise (IoCs): Review access logs and monitor for any suspicious activity, such as unauthorized account creation or unexpected system resets.
- Engage Security Teams:
  - Collaborate with your internal security teams to assess the potential impact and ensure that appropriate measures are in place to detect and respond to any exploitation attempts.
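As an added illustration of the access-log review recommended above (not part of the advisory or of Atlassian's tooling), the following Python sweeps access log lines for requests to the three setup-restore endpoints. The NCSA "combined" log layout is an assumption, and the sample lines are constructed.

```python
import re

# The three endpoints the advisory says to block; any request to them from the
# internet is worth investigating as a possible CVE-2023-22518 attempt.
SETUP_RESTORE_ENDPOINTS = frozenset({
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
})

# Assumes the NCSA "combined" layout written by Tomcat's AccessLogValve or a
# reverse proxy in front of Confluence; adjust the pattern for other layouts.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def find_setup_restore_requests(lines):
    """Return a dict per request whose path (query string stripped) is one of
    the setup-restore endpoints. Unparsable lines are skipped rather than
    raised, so one odd line does not abort a sweep over a large log."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        if path in SETUP_RESTORE_ENDPOINTS:
            findings.append({
                "ip": m.group("ip"), "timestamp": m.group("ts"),
                "method": m.group("method"), "path": path,
                "status": int(m.group("status")), "user_agent": m.group("ua"),
            })
    return findings


# Constructed sample lines (not real traffic). The last one shows a request
# after the endpoint has been blocked: still worth logging, but it failed.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Nov/2023:10:15:32 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 512 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [01/Nov/2023:10:16:01 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Nov/2023:10:17:05 +0000] "POST /json/setup-restore-progress.action HTTP/1.1" 200 210 "-" "python-requests/2.31.0"',
    '203.0.113.5 - - [01/Nov/2023:11:02:44 +0000] "GET /json/setup-restore-local.action HTTP/1.1" 403 0 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    for f in find_setup_restore_requests(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} {f['method']} {f['path']} -> {f['status']} ({f['user_agent']})")
```

A POST to these endpoints that returned 200 from an address outside your network is the finding to escalate first; a 403 after the web.xml constraint is in place confirms the block is working but still identifies a source worth reviewing.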
Confirmation & Additional Information:
- Verification: After applying the upgrade or mitigations, test your Confluence instance to confirm that the vulnerability has been addressed. Ensure that unauthorized users cannot access administrative functionalities or reset the instance.
- Stay Updated: Regularly check for updates and security advisories from Atlassian to ensure your Confluence instance remains secure. Subscribe to Atlassian’s security advisories for the latest information.
- Official Resources:
  - Atlassian Security Advisory: CVE-2023-22518 – Improper Authorization Vulnerability in Confluence Data Center and Server
  - Atlassian FAQ for CVE-2023-22518: FAQ for CVE-2023-22518
  - National Vulnerability Database Entry: NVD – CVE-2023-22518