CVE-2023-22515
Confluence Server vulnerability analysis and mitigation

Overview

A critical authentication vulnerability (CVE-2023-22515) was discovered in Atlassian Confluence Data Center and Server and reported in October 2023. It allows external attackers to create unauthorized Confluence administrator accounts on publicly accessible installations and use them to access the Confluence instance. Affected versions are 8.0.0 through 8.5.1; versions prior to 8.0.0 and Atlassian Cloud sites (accessed via an atlassian.net domain) are not affected (Atlassian Advisory).

Technical details

The vulnerability is classified as Broken Access Control and carries a Critical CVSS score of 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). It is triggered by a request to the unauthenticated /server-info.action endpoint, which lets an unauthenticated remote threat actor change the Confluence server's configuration so that it reports setup as incomplete. With the server in that state, the attacker can use the /setup/setupadministrator.action endpoint to modify critical configuration settings, including creating an administrator account (CISA Advisory, Atlassian FAQ).
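Because both endpoints named above are reachable without authentication, the reverse proxy or web server access log is the first place a defender can look for attempts. The following detection script is an added example written for this page, not code from Atlassian, CISA or Wiz. It assumes the proxy writes Apache Combined Log Format; the log lines, addresses and timestamps are constructed for the example. It flags any request under /setup/ on an already-deployed instance, probes of /server-info.action, and POSTs to /setup/setupadministrator.action separately, so the three can be triaged with different urgency.

```python
import re
from collections import Counter

# Endpoints named in the advisory. Any request under /setup/ on an instance whose
# initial setup finished long ago is worth a look, which is also why the
# recommended workaround blocks /setup/* at the network layer.
ADMIN_SETUP_PATH = "/setup/setupadministrator.action"
SERVER_INFO_PATH = "/server-info.action"
SETUP_PREFIX = "/setup/"

# Combined Log Format (assumed here; adjust the regex for your proxy's format):
# ip ident user [timestamp] "METHOD path PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Compare on the path only: drop the query string and normalise case.
    rec["path"] = rec["path"].split("?", 1)[0].lower()
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Label a parsed record with the kind of setup-endpoint activity it shows, or None."""
    path = rec["path"]
    if path == ADMIN_SETUP_PATH and rec["method"] == "POST":
        return "admin-account-creation-attempt"
    if path == SERVER_INFO_PATH:
        return "setup-state-probe"
    if path.startswith(SETUP_PREFIX):
        return "setup-endpoint-access"
    return None


def scan(lines):
    """Return (ip, method, path, status, label) for every line that touches a setup endpoint."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a production pipeline would count these
        label = classify(rec)
        if label is not None:
            findings.append((rec["ip"], rec["method"], rec["path"], rec["status"], label))
    return findings


def sources(findings):
    """Count findings per client IP so the noisiest source surfaces first."""
    return Counter(ip for ip, *_ in findings)


# Constructed sample log: the addresses, timestamps and user agents are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Oct/2023:10:15:01 +0000] "GET /server-info.action HTTP/1.1" 302 0 "-" "curl/8.1.2"',
    '203.0.113.7 - - [04/Oct/2023:10:15:02 +0000] "GET /setup/setupadministrator.action HTTP/1.1" 200 4120 "-" "curl/8.1.2"',
    '203.0.113.7 - - [04/Oct/2023:10:15:03 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0 "-" "curl/8.1.2"',
    '198.51.100.23 - alice [04/Oct/2023:10:16:10 +0000] "GET /display/ENG/Runbook?src=sidebar HTTP/1.1" 200 18422 "-" "Mozilla/5.0"',
    'not a log line at all',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
    print(sources(scan(SAMPLE_LOG)))
```

On a healthy deployed instance the expected count of /setup/ requests is zero, so even a single "setup-endpoint-access" hit from an external address is worth correlating with the Confluence audit log for newly created administrator accounts, and a "setup-state-probe" followed by an "admin-account-creation-attempt" from the same source is the sequence the advisory describes.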

Impact

If exploited, attackers gain full administrative access to affected Confluence instances, allowing them to perform unrestricted actions including exfiltration of content, theft of system credentials, and installation of malicious plugins. Evidence suggests that a known nation-state actor has been actively exploiting this vulnerability (Atlassian Advisory).

Mitigation and workarounds

Atlassian recommends upgrading immediately to a fixed version: 8.3.3 or later, 8.4.3 or later, or 8.5.2 (LTS) or later. If an immediate upgrade is not possible, a temporary mitigation is to block access to the /setup/* endpoints through network-layer controls or by modifying the Confluence configuration files. Organizations should also restrict external network access to affected instances until the upgrade can be applied (Atlassian Advisory).
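The affected range and the fixed versions interleave (8.3.3 is inside 8.0.0 through 8.5.1 yet carries the fix), which is easy to get wrong in an inventory script. The following checker is an added example written for this page, not Atlassian's or Wiz's own tooling. It encodes only the ranges stated above: versions below 8.0.0 and above 8.5.1 are treated as not affected, each of the 8.3, 8.4 and 8.5 lines has a first fixed patch level, and installs on the 8.0 through 8.2 lines, for which the advisory names no in-line fix, are pointed at the 8.5.2 LTS release. The version strings in the usage are constructed; feed it the versions from your own asset inventory.

```python
import re

# Ranges as stated in the advisory: 8.0.0 through 8.5.1 affected; fixed in
# 8.3.3+, 8.4.3+ and 8.5.2+ (LTS). Releases before 8.0.0 are not affected.
AFFECTED_LOW = (8, 0, 0)
AFFECTED_HIGH = (8, 5, 1)
# First fixed patch level per release line (major, minor) -> patch. Lines below 8.3
# have no in-line fix in the advisory, so the upgrade target for them is the LTS line.
FIRST_FIXED = {(8, 3): 3, (8, 4): 3, (8, 5): 2}
LTS_TARGET = "8.5.2"

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn 'major.minor.patch' into a comparable tuple of ints."""
    m = VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text):
    """True if this Server/Data Center version is inside the affected range and lacks the fix."""
    v = parse_version(text)
    if not (AFFECTED_LOW <= v <= AFFECTED_HIGH):
        return False
    first = FIRST_FIXED.get(v[:2])
    # Inside the range, a version is safe only if its line has a fix and it is at or past it.
    return first is None or v[2] < first


def upgrade_target(text):
    """Minimum fixed version the advisory names for this install, or None if none is needed."""
    if not is_affected(text):
        return None
    major, minor, _ = parse_version(text)
    if (major, minor) in FIRST_FIXED:
        return f"{major}.{minor}.{FIRST_FIXED[(major, minor)]}"
    return LTS_TARGET


def assess(text):
    """One-line verdict suitable for an inventory report."""
    target = upgrade_target(text)
    if target is None:
        return f"{text}: not affected by CVE-2023-22515"
    return f"{text}: AFFECTED, upgrade to {target} or later (block /setup/* until then)"


if __name__ == "__main__":
    # Constructed inventory of hypothetical instances.
    for version in ["7.19.14", "8.0.0", "8.2.3", "8.3.2", "8.3.3", "8.4.1", "8.5.1", "8.5.2", "8.6.0"]:
        print(assess(version))
```

The checker deliberately refuses to guess at strings it cannot parse (pre-release tags, build suffixes) and raises instead, because silently classifying an odd version string as "not affected" is the failure mode that leaves an exposed instance unpatched.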

Community reactions

The vulnerability has garnered significant attention from security organizations: CISA added it to its Known Exploited Vulnerabilities Catalog on October 5, 2023, on evidence of active exploitation, and the FBI and CISA jointly released an advisory warning about the critical nature of the vulnerability and its active exploitation by threat actors (CISA Advisory).
