1 min read

Mitigation Instructions for CVE-2023-22518

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team : Jul 12, 2024 5:05:53 PM

security
Mitigation Instructions for CVE-2023-22518

Subject: CVE-2023-22518

Tech Stack:

  • Confluence Data Center and Server

Date Issued:

  • Original Date: 2023-10-31
  • Last Modified Date: 2023-11-07

Criticality:

  • Severity: Critical
  • Description: This vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account, potentially leading to a complete loss of confidentiality, integrity, and availability.

Overview:

  • CVE-2023-22518 is an improper authorization vulnerability in Atlassian Confluence Data Center and Server. By sending specially crafted requests to the setup-restore endpoints, an unauthenticated attacker can reset the Confluence instance and create an administrator account. This allows the attacker to perform any administrative actions, leading to significant data loss and potential for remote code execution if combined with other vulnerabilities.

Attack Mechanisms:

  1. Unauthorized Reset and Account Creation:
    • An attacker sends crafted requests to the setup-restore endpoints to reset Confluence and create an admin account.
  2. Full Administrative Access:
    • The newly created admin account can perform all actions available to an admin, leading to potential data loss and system compromise.

Affected Systems:

  • All versions of Confluence Data Center and Server prior to the fixed versions.

Mitigation Solution:

  1. Upgrade: Upgrade to one of the following fixed versions:
    • Confluence Data Center and Server: 7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1 (Data Center only)
  2. Immediate Actions: For those unable to upgrade immediately:
    • Disconnect the Confluence instance from the internet.
    • Back up the data to a secure location.
    • Block access to the following endpoints:
      • /json/setup-restore.action
      • /json/setup-restore-local.action
      • /json/setup-restore-progress.action
    • Modify the web.xml file to include the following block:
      xml
       
      <security-constraint>
      <web-resource-collection>
      <url-pattern>/json/setup-restore.action</url-pattern>
      <url-pattern>/json/setup-restore-local.action</url-pattern>
      <url-pattern>/json/setup-restore-progress.action</url-pattern>
      <http-method-omission>*</http-method-omission>
      </web-resource-collection>
      <auth-constraint />
      </security-constraint>
    • Restart Confluence after making these changes.

References:
Mitigation Instructions for CVE-2024-28987

Mitigation Instructions for CVE-2024-28987

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Oct 8, 2024 4:04:58 PM

Subject: Mitigating CVE-2024-28987: Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk

security
Read More
Mitigation Instructions for CVE-2017-1000486

Mitigation Instructions for CVE-2017-1000486

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Oct 8, 2024 4:01:04 PM

Subject: Mitigating CVE-2017-1000486: Remote Code Execution Vulnerability in PrimeTek PrimeFaces

security
Read More
Mitigation Instructions for Drupal SEoL (8.x)

Mitigation Instructions for Drupal SEoL (8.x)

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Oct 3, 2024 5:23:47 PM

Subject: Mitigating Vulnerability in Unsupported Drupal 8.x

security
Read More