1 min read

Mitigation Instructions for CVE-2023-22518

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team : Jul 12, 2024 5:05:53 PM

security
Mitigation Instructions for CVE-2023-22518

Subject: CVE-2023-22518

Tech Stack:

  • Confluence Data Center and Server

Date Issued:

  • Original Date: 2023-10-31
  • Last Modified Date: 2023-11-07

Criticality:

  • Severity: Critical
  • Description: This vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account, potentially leading to a complete loss of confidentiality, integrity, and availability.

Overview:

  • CVE-2023-22518 is an improper authorization vulnerability in Atlassian Confluence Data Center and Server. By sending specially crafted requests to the setup-restore endpoints, an unauthenticated attacker can reset the Confluence instance and create an administrator account. This allows the attacker to perform any administrative actions, leading to significant data loss and potential for remote code execution if combined with other vulnerabilities.

Attack Mechanisms:

  1. Unauthorized Reset and Account Creation:
    • An attacker sends crafted requests to the setup-restore endpoints to reset Confluence and create an admin account.
  2. Full Administrative Access:
    • The newly created admin account can perform all actions available to an admin, leading to potential data loss and system compromise.

Affected Systems:

  • All versions of Confluence Data Center and Server prior to the fixed versions.

Mitigation Solution:

  1. Upgrade: Upgrade to one of the following fixed versions:
    • Confluence Data Center and Server: 7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1 (Data Center only)
  2. Immediate Actions: For those unable to upgrade immediately:
    • Disconnect the Confluence instance from the internet.
    • Back up the data to a secure location.
    • Block access to the following endpoints:
      • /json/setup-restore.action
      • /json/setup-restore-local.action
      • /json/setup-restore-progress.action
    • Modify the web.xml file to include the following block:
      xml
       
      <security-constraint>
      <web-resource-collection>
      <url-pattern>/json/setup-restore.action</url-pattern>
      <url-pattern>/json/setup-restore-local.action</url-pattern>
      <url-pattern>/json/setup-restore-progress.action</url-pattern>
      <http-method-omission>*</http-method-omission>
      </web-resource-collection>
      <auth-constraint />
      </security-constraint>
    • Restart Confluence after making these changes.

References:
Mitigation Instructions for CVE-2014-6271 Shellshock Vulnerability in Bash

Mitigation Instructions for CVE-2014-6271 Shellshock Vulnerability in Bash

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Oct 21, 2024 10:26:10 AM

Subject: Mitigating CVE-2014-6271: Shellshock Vulnerability in Bash

security
Read More
Mitigation Instructions for CVE- 2014-7187

Mitigation Instructions for CVE- 2014-7187 "Shellshock"

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Oct 18, 2024 4:05:24 PM

Subject: Mitigating CVE-2014-7187: “Shellshock” or “Bash Bug” Vulnerability

security
Read More
Mitigation Instructions for CVE-2024-28987

Mitigation Instructions for CVE-2024-28987

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Oct 8, 2024 4:04:58 PM

Subject: Mitigating CVE-2024-28987: Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk

security
Read More