Security

Mitigation Instructions for CVE-2023-22518

Written by CyRisk Vulnerability Management Team | Jul 12, 2024 9:05:53 PM

Subject: CVE-2023-22518

Tech Stack:

  • Confluence Data Center and Server

Date Issued:

  • Original Date: 2023-10-31
  • Last Modified Date: 2023-11-07

Criticality:

  • Severity: Critical
  • Description: This vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account, potentially leading to a complete loss of confidentiality, integrity, and availability.

Overview:

  • CVE-2023-22518 is an improper authorization vulnerability in Atlassian Confluence Data Center and Server. By sending specially crafted requests to the setup-restore endpoints, an unauthenticated attacker can reset the Confluence instance and create an administrator account. This allows the attacker to perform any administrative actions, leading to significant data loss and potential for remote code execution if combined with other vulnerabilities.

Attack Mechanisms:

  1. Unauthorized Reset and Account Creation:
    • An attacker sends crafted requests to the setup-restore endpoints to reset Confluence and create an admin account.
  2. Full Administrative Access:
    • The newly created admin account can perform all actions available to an admin, leading to potential data loss and system compromise.
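Because the attack goes through the three setup-restore endpoints named in the mitigation section, a first triage step is to check the Confluence access log for any request that reached them and whether the request was stopped. The following script is an added example written for this page; it is not part of the original advisory or of Atlassian's tooling. It assumes the Confluence (Tomcat) access log uses the standard Combined Log Format, and the log lines embedded in it are constructed samples using documentation address ranges.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import unquote

# The three setup-restore endpoints named in the advisory's mitigation section.
SETUP_RESTORE_ENDPOINTS = (
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
)

# Assumption: the Confluence/Tomcat access log uses the standard Combined Log
# Format. Adjust this pattern if your instance logs a custom pattern.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)


@dataclass
class Hit:
    ip: str
    timestamp: str
    method: str
    path: str
    status: int

    @property
    def blocked(self) -> bool:
        # 401/403 means the web.xml constraint or a proxy rule stopped the
        # request before Confluence processed it; any other status deserves
        # investigation, especially a 200 on a POST.
        return self.status in (401, 403)


def normalize_path(target: str) -> str:
    """Drop the query string and percent-decode so encoded variants still match."""
    return unquote(target.split("?", 1)[0])


def parse_access_line(line: str) -> Optional[Hit]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return Hit(
        ip=m.group("ip"),
        timestamp=m.group("ts"),
        method=m.group("method"),
        path=normalize_path(m.group("target")),
        status=int(m.group("status")),
    )


def find_setup_restore_hits(lines: Iterable[str]) -> List[Hit]:
    """Return every request whose path ends in one of the setup-restore endpoints.

    endswith() is used so that an instance deployed under a context path
    (for example /confluence/json/...) is still matched.
    """
    hits = []
    for line in lines:
        hit = parse_access_line(line)
        if hit and any(hit.path.endswith(ep) for ep in SETUP_RESTORE_ENDPOINTS):
            hits.append(hit)
    return hits


def summarize(hits: List[Hit]) -> dict:
    """Count hits and list the source addresses whose requests were not blocked."""
    unblocked = [h for h in hits if not h.blocked]
    return {
        "total": len(hits),
        "unblocked": len(unblocked),
        "unblocked_sources": sorted({h.ip for h in unblocked}),
    }


# Constructed sample log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2023:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.7 - - [01/Nov/2023:10:15:22 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 1823
203.0.113.7 - - [01/Nov/2023:10:15:30 +0000] "GET /json/setup-restore-progress.action HTTP/1.1" 200 212
198.51.100.9 - - [01/Nov/2023:11:02:10 +0000] "POST /confluence/json/setup-restore-local.action HTTP/1.1" 403 0
10.0.0.5 - - [01/Nov/2023:11:05:00 +0000] "GET /rest/api/content HTTP/1.1" 200 9001
"""

if __name__ == "__main__":
    hits = find_setup_restore_hits(SAMPLE_LOG.splitlines())
    for hit in hits:
        state = "blocked" if hit.blocked else "REACHED APP"
        print(f"{hit.timestamp} {hit.ip} {hit.method} {hit.path} -> {hit.status} ({state})")
    print(summarize(hits))
```

Any hit that was not answered with 401/403 on an instance that was exposed before the fix should be treated as a possible reset, and the instance checked for an unexpected administrator account and a recent restore; the script only surfaces the candidates, it does not confirm compromise.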

Affected Systems:

  • All versions of Confluence Data Center and Server earlier than the fixed versions listed under Mitigation Solution below.

Mitigation Solution:

  1. Upgrade: Upgrade to one of the following fixed versions:
    • Confluence Data Center and Server: 7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1 (Data Center only)
  2. Immediate Actions: For those unable to upgrade immediately:
    • Disconnect the Confluence instance from the internet.
    • Back up the data to a secure location.
    • Block access to the following endpoints:
      • /json/setup-restore.action
      • /json/setup-restore-local.action
      • /json/setup-restore-progress.action
    • Modify the web.xml file to include the following block:
      ```xml
      <security-constraint>
        <web-resource-collection>
          <url-pattern>/json/setup-restore.action</url-pattern>
          <url-pattern>/json/setup-restore-local.action</url-pattern>
          <url-pattern>/json/setup-restore-progress.action</url-pattern>
          <http-method-omission>*</http-method-omission>
        </web-resource-collection>
        <auth-constraint />
      </security-constraint>
      ```
    • Restart Confluence after making these changes.
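After editing web.xml it is easy to get the block subtly wrong (a typo in a url-pattern, or an auth-constraint that names a role and therefore only restricts rather than denies). The script below is an added example for this page, not part of the advisory or of Atlassian's product, that parses a web.xml and reports which of the three endpoints are not yet covered by a deny-everyone security-constraint. The two embedded web.xml fragments are constructed minimal samples, not Confluence's real deployment descriptor, and the /example-protected/* constraint in them exists only to exercise the role-name branch.

```python
import sys
import xml.etree.ElementTree as ET
from typing import List, Set

# The three endpoints the advisory says to deny.
SETUP_RESTORE_ENDPOINTS = (
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
)


def _local(tag: str) -> str:
    """Strip a namespace such as {http://java.sun.com/xml/ns/javaee} from a tag."""
    return tag.rsplit("}", 1)[-1]


def _children(elem: ET.Element, name: str) -> List[ET.Element]:
    return [c for c in elem if _local(c.tag) == name]


def denied_url_patterns(web_xml_text: str) -> Set[str]:
    """Return the url-patterns covered by a deny-everyone security-constraint.

    Per the Servlet spec, a constraint denies all callers only when its
    <auth-constraint> is present and has no <role-name>. A constraint with
    no auth-constraint imposes no restriction, and one with role names lets
    authenticated members of those roles through, so neither counts here.
    """
    root = ET.fromstring(web_xml_text)
    denied: Set[str] = set()
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        auth = _children(sc, "auth-constraint")
        if not auth or _children(auth[0], "role-name"):
            continue
        for wrc in _children(sc, "web-resource-collection"):
            for up in _children(wrc, "url-pattern"):
                denied.add((up.text or "").strip())
    return denied


def missing_setup_restore_protection(web_xml_text: str) -> List[str]:
    """List the advisory's endpoints that web.xml does not yet deny."""
    denied = denied_url_patterns(web_xml_text)
    return [ep for ep in SETUP_RESTORE_ENDPOINTS if ep not in denied]


# Constructed minimal web.xml fragments (not Confluence's real web.xml).
UNPATCHED_WEB_XML = """\
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <display-name>Confluence</display-name>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/example-protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>example-admins</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# The same fragment with the advisory's block added before </web-app>.
PATCHED_WEB_XML = UNPATCHED_WEB_XML.replace(
    "</web-app>",
    """\
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/json/setup-restore.action</url-pattern>
      <url-pattern>/json/setup-restore-local.action</url-pattern>
      <url-pattern>/json/setup-restore-progress.action</url-pattern>
      <http-method-omission>*</http-method-omission>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>""",
)

if __name__ == "__main__":
    # Usage: python check_web_xml.py /path/to/confluence/WEB-INF/web.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = UNPATCHED_WEB_XML
    missing = missing_setup_restore_protection(text)
    print("OK: all setup-restore endpoints denied" if not missing else f"NOT PROTECTED: {missing}")
```

Run it against the live web.xml both before and after the restart; a clean result only confirms the descriptor, so the access-log check above (or a request from outside the network expecting 401/403) is still needed to confirm the running instance enforces it.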

References: