CVE-2023-22515: Critical Privilege Escalation Vulnerability in Confluence Data Center and Server


On October 4, 2023, Atlassian issued a security advisory revealing potential active exploitation of a previously unknown vulnerability (CVE-2023-22515, CVSS: 10) affecting Confluence Data Center and Server instances that are on-premises. This vulnerability can enable an unauthenticated, anonymous remote threat actor to escalate privileges by creating unauthorized Confluence administrator accounts and accessing Confluence instances across multiple versions of Confluence Data Center and Server. 


Product: Confluence Data Center, Confluence Server

Affected Versions (both products):
  • 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • 8.1.0, 8.1.1, 8.1.3, 8.1.4
  • 8.2.0, 8.2.1, 8.2.2, 8.2.3
  • 8.3.0, 8.3.1, 8.3.2
  • 8.4.0, 8.4.1, 8.4.2
  • 8.5.0, 8.5.1

Note: Versions prior to 8.0.0 and Atlassian Cloud sites (sites accessed via an atlassian.net domain) are not affected by CVE-2023-22515. 

Atlassian first became aware of this issue when multiple customers reported the malicious activity conducted by external threat actors. At this time, Arctic Wolf has not identified a public Proof of Concept (PoC). However, it is highly likely that threat actors will develop exploits for this vulnerability in the future, given the ease of external access to these Confluence instances and the potential level of access they can achieve. Additionally, several previous Confluence vulnerabilities have been exploited by threat actors and added to CISA’s Known Exploited Vulnerability catalog.  

Recommendation for CVE-2023-22515 

Upgrade Confluence Data Center and Server to Fixed Versions  

Arctic Wolf strongly recommends upgrading the affected Confluence products to their fixed versions (or any later versions).   

Product: Confluence Data Center, Confluence Server

Fixed Versions (both products):
  • 8.3.3 or later
  • 8.4.3 or later
  • 8.5.2 (Long Term Support release) or later

Note: If an instance has already been compromised, upgrading does not remove the compromise.  

Please follow your organization’s patching and testing guidelines to avoid operational impact. 
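To turn the affected and fixed version lists above into a repeatable check across an estate, the following is an added example (not Arctic Wolf's or Atlassian's own tooling). It parses a Confluence Data Center or Server version string, classifies it against the lists exactly as this bulletin gives them, and names the first fixed release on the same branch (or the 8.5.2 LTS release for branches with no fixed release). Releases below 8.0.0 and Cloud sites are reported as not affected, as the bulletin states; an 8.x version that appears on neither list (for instance 8.1.2, which the bulletin does not list) is reported as unknown rather than guessed at. The `assess` and `assess_inventory` function names and the sample inventory are constructed for this example.

```python
"""Classify Confluence Data Center / Server versions against the
CVE-2023-22515 affected and fixed version lists in this bulletin.
Added example; not Atlassian's or Arctic Wolf's code."""

from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Affected versions exactly as the bulletin lists them (8.1.2 is not listed).
AFFECTED_VERSIONS = {
    "8.0.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4",
    "8.1.0", "8.1.1", "8.1.3", "8.1.4",
    "8.2.0", "8.2.1", "8.2.2", "8.2.3",
    "8.3.0", "8.3.1", "8.3.2",
    "8.4.0", "8.4.1", "8.4.2",
    "8.5.0", "8.5.1",
}

# First fixed release on each patched branch; 8.5.2 is the LTS release.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),
}
LTS_FIXED: Version = (8, 5, 2)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(version: str, cloud: bool = False) -> Dict[str, str]:
    """Return {'status': ..., 'action': ...} for one instance.

    status is one of: not_affected, affected, fixed, unknown.
    """
    if cloud:
        # Atlassian Cloud (atlassian.net) sites are out of scope for this CVE.
        return {"status": "not_affected",
                "action": "Cloud site; not affected by CVE-2023-22515."}
    v = parse_version(version)
    if v < (8, 0, 0):
        return {"status": "not_affected",
                "action": "Versions prior to 8.0.0 are not affected."}
    branch_fix = FIXED_BY_BRANCH.get(v[:2])
    # Fixed if at/after the branch's fixed release, or at/after the LTS fix
    # (the bulletin says fixed versions "or any later versions").
    if (branch_fix is not None and v >= branch_fix) or v >= LTS_FIXED:
        return {"status": "fixed",
                "action": "No upgrade required for CVE-2023-22515."}
    if fmt(v) in AFFECTED_VERSIONS:
        target = branch_fix if branch_fix is not None else LTS_FIXED
        return {"status": "affected",
                "action": (f"Upgrade to {fmt(target)} or later; until then, "
                           "restrict external network access to the instance.")}
    # An 8.x release on neither list: do not guess, ask for manual confirmation.
    return {"status": "unknown",
            "action": "Not on the bulletin's lists; confirm against Atlassian's advisory."}


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Assess a {hostname: version} map and return per-host results."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory for demonstration.
    sample = {
        "wiki-prod": "8.3.1",
        "wiki-staging": "8.5.2",
        "wiki-legacy": "7.19.14",
        "wiki-odd": "8.1.2",
    }
    for host, result in assess_inventory(sample).items():
        print(f"{host:14} {result['status']:13} {result['action']}")
```

Run it against your own host-to-version map; anything reported as `affected` is a patching priority, and anything `unknown` deserves a look at Atlassian's advisory before it is assumed safe.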

Workarounds 

For users who are unable to upgrade Confluence, Atlassian recommends restricting external network access to the affected Confluence Data Center and Server instance.  

Additionally, Atlassian provides changes to Confluence configuration files that can mitigate attack vectors for CVE-2023-22515 by blocking access to specific endpoints on Confluence instances.

Further details on how to make the Confluence configuration file changes can be found in the Mitigation section of Atlassian's security advisory.

References 

  1. Atlassian security advisory  
  2. Atlassian FAQ (CVE-2023-22515)  


Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.