
All you need to know about CVE-2023-22518 – Broken Authorization Vulnerability in Atlassian Confluence Data Center and Server

admin | November 17, 2023


CVE-2023-22518 is a critical improper-authorization vulnerability in Atlassian Confluence Data Center and Server, rated CVSS 10.0 by Atlassian. It lets an unauthenticated attacker take over a Confluence instance: the affected endpoints do not check that the caller is an administrator, so the attacker can reset the instance and create a Confluence instance administrator account with credentials of their choosing. That account then has every capability available to Confluence instance administrators, including reading sensitive data, altering the configuration and, through the normal administrator features, executing arbitrary code. Atlassian Cloud sites are not affected.

How does CVE-2023-22518 work?

CVE-2023-22518 lies in the way Confluence handles its setup-restore requests. The endpoints under /json/setup-restore* (setup-restore.action and its -local and -progress variants) were reachable without an authenticated administrator. An attacker uploads a crafted site backup, an exported zip that already contains an administrator user with the attacker's chosen credentials, and the restore replaces the instance's data, including its user directory, with the contents of that backup. The attacker ends up with a working administrator account, and the accounts and content that were on the instance before are gone.

[Screenshot: Confluence set up with a test account, username 'test']

The screenshot above shows the exploit being run against the Confluence URL: it creates an administrator account with the username 'admin' and the password 'admin'.

After exploitation, as shown below, the 'test' account created during Confluence setup can no longer log in with the password set at that time: the restore replaced the instance's user data, so the original account is gone and the attacker's 'admin' account is the one that works.

[Screenshot: login with the newly created admin account; the other user account has been removed]

What are the risks of CVE-2023-22518?

CVE-2023-22518 is a critical vulnerability with a significant impact on organizations that run Confluence Data Center or Server. An attacker who exploits it gains control of the organization's Confluence instance and can access sensitive data, modify the configuration and execute arbitrary code. Because exploitation works by restoring an attacker-supplied backup, it also wipes the instance's existing content and accounts, so a successful attack means data loss as well as compromise. The consequences range from data breaches to financial loss and reputational damage.

How can I protect myself from CVE-2023-22518?

1. Atlassian recommends upgrading each affected installation to one of the fixed versions below, or to any later release on the same branch. Earlier releases, including every 8.0.x, 8.1.x and 8.2.x release, are affected and have no fix on their own branch:

  • Version 7.19.16
  • Version 8.3.4
  • Version 8.4.4
  • Version 8.5.3
  • Version 8.6.1

2. Limit access to Confluence to only those users who require it. Use a firewall or another access-control mechanism to restrict who can reach the instance, and keep it off the public internet where possible. If you cannot patch immediately, Atlassian's interim mitigation is to block external network access to the /json/setup-restore* endpoints, for example with a deny rule on the reverse proxy in front of Confluence. That is a stopgap, not a substitute for the upgrade: the vulnerable code is still present.
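The version list above is easy to misread when an instance sits on a branch that is not listed. The script below is an added example, not code from the original post or from Atlassian; it turns the published fixed versions into a check you can run against the version strings of your own instances. The branch handling is our own reading of the advisory's list, stated in the docstring.

```python
"""Added example (not from the original post or from Atlassian): classify a
Confluence Data Center/Server version string as fixed or vulnerable for
CVE-2023-22518, using the fixed versions listed above (7.19.16, 8.3.4,
8.4.4, 8.5.3, 8.6.1). The branch handling is our own reading of that list:
a release on a listed branch is fixed from the listed patch level onward;
a release on a later branch (8.7 onward) is fixed; a release on any other
branch (such as 7.20.x or 8.0.x-8.2.x) has no fix and counts as vulnerable."""
import re

FIXED_VERSIONS = [(7, 19, 16), (8, 3, 4), (8, 4, 4), (8, 5, 3), (8, 6, 1)]
FIXED_BY_BRANCH = {v[:2]: v for v in FIXED_VERSIONS}   # (major, minor) -> fix
LATEST_LISTED_FIX = max(FIXED_VERSIONS)                 # (8, 6, 1)


def parse_version(text):
    """Turn '8.5.3' (or '8.5') into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_fixed(version_text):
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v >= FIXED_BY_BRANCH[branch]
    # Unlisted branch: fixed only if it is newer than every listed fix,
    # i.e. a later feature release; older unlisted branches were never fixed.
    return v >= LATEST_LISTED_FIX


def triage(versions):
    """Map each version string to 'fixed' or 'VULNERABLE'."""
    return {text: ("fixed" if is_fixed(text) else "VULNERABLE") for text in versions}


if __name__ == "__main__":
    sample = ["7.19.15", "7.19.16", "7.20.3", "8.2.0", "8.5.2", "8.5.3", "8.6.0", "8.7.1"]
    for text, verdict in triage(sample).items():
        print(f"{text:>8}: {verdict}")
```

The version string can be read from the footer of any Confluence page or from the admin console; feed a list of them to triage() to get one verdict per instance. Note that "fixed" here means fixed for this CVE only, not that the release is otherwise current.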

What if I am already affected by CVE-2023-22518?

If you believe that your Confluence instance may be affected by CVE-2023-22518, take the following steps:
  • Apply the latest security update from Atlassian.
  • Change the passwords for all Confluence administrator accounts, and review the administrator group for accounts you did not create.
  • Scan your Confluence instance and its access logs for unauthorized activity, in particular requests to the setup-restore endpoints and signs that the instance was reset (missing spaces, missing users, unfamiliar administrators).
  • You can fill in the form and reach out to our team for a free consultation on CVE-2023-22518. As shown in the snapshot below, Forenzy's team can help safeguard against such zero-days without DevOps effort, patch updates or downtime.

  • Our years of cyber-security experience help in identifying and mitigating such vulnerabilities. Adhering to these measures can help safeguard your organization against CVE-2023-22518. Feel free to reach out to our team for more assistance with such issues.
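The scanning step above, and the endpoints described in the "How does CVE-2023-22518 work?" section, as an added example that is not part of the original post or of any Atlassian tooling: a small triage script that reads an access log and lists every request that touched a setup-restore endpoint, with a rough severity. The log lines are constructed for the example.

```python
"""Added example (not from the original post, Forenzy or Atlassian): triage a
web-server access log for requests to the unauthenticated setup-restore
endpoints that CVE-2023-22518 abuses. The log lines are constructed for the
example and use the Apache/nginx combined format that a reverse proxy in
front of Confluence typically writes; adjust LOG_LINE for Tomcat's own
access-log pattern if you read conf_access_log files directly."""
import re
from collections import Counter

# Endpoints named in Atlassian's interim mitigation (/json/setup-restore*).
# Not anchored, so a context path such as /confluence/json/... also matches.
RESTORE_ENDPOINT = re.compile(r"/json/setup-restore[^/\s?]*\.action")

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one probing/exploiting source, one normal user, and one
# attempt refused with 403 (as a proxy deny rule on the endpoint would do).
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [02/Nov/2023:10:14:03 +0000] "GET /login.action HTTP/1.1" 200 5123 "-" "curl/8.1.2"',
    '203.0.113.7 - - [02/Nov/2023:10:14:09 +0000] "GET /json/setup-restore.action?synchronous=true HTTP/1.1" 200 1734 "-" "curl/8.1.2"',
    '203.0.113.7 - - [02/Nov/2023:10:14:11 +0000] "POST /json/setup-restore.action?synchronous=true HTTP/1.1" 200 4021 "-" "curl/8.1.2"',
    '203.0.113.7 - - [02/Nov/2023:10:15:40 +0000] "GET /json/setup-restore-progress.action HTTP/1.1" 200 512 "-" "curl/8.1.2"',
    '10.0.0.5 - - [02/Nov/2023:10:16:02 +0000] "GET /rest/api/content?limit=25 HTTP/1.1" 200 8890 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Nov/2023:10:17:30 +0000] "POST /json/setup-restore-local.action HTTP/1.1" 403 0 "-" "python-requests/2.31"',
])


def classify(method, status):
    """Rough severity. A POST the server accepted is likely the backup upload
    itself and needs immediate investigation; GETs are usually probing;
    4xx/5xx means the proxy or the application refused the request."""
    if status >= 400:
        return "blocked"
    if method == "POST":
        return "high"
    return "probe"


def scan_access_log(text):
    """Return one record per request that touched a setup-restore endpoint."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not RESTORE_ENDPOINT.search(m["path"]):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "path": m["path"], "status": status,
            "severity": classify(m["method"], status),
        })
    return hits


def summarize_by_ip(hits):
    """Count matching requests per source address, for blocking and pivoting."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for h in found:
        print(f"[{h['severity']:>7}] {h['ts']} {h['ip']} {h['method']} {h['path']} -> {h['status']}")
    print("requests per source:", summarize_by_ip(found))
```

To run it against real data, pass the contents of the proxy log file to scan_access_log() instead of SAMPLE_LOG. A "high" hit does not prove the restore succeeded; confirm on the instance itself (unexpected administrators, missing spaces or users, a changed site title) and treat the source address as hostile either way.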

    Stay Cyber Secure, Stay Aware!!