Atlassian has issued a security advisory regarding a critical privilege-escalation vulnerability in Confluence Data Center and Server instances [3]. This vulnerability, known as CVE-2023-22515 [4], is actively being exploited and affects on-premises instances of Confluence from version 8.0.0 onwards [2]. It allows external attackers to create unauthorized Confluence administrator accounts and gain control of affected systems [2]. The severity level of this vulnerability is unusually high, ranging between 9 and 10 [2].

Description

Atlassian has released patches for the affected versions and recommends upgrading affected installations to the fixed versions. As a mitigation, Atlassian also suggests blocking network access to the affected endpoints. Cloud instances are not affected by this vulnerability. Indicators of compromise include unexpected members in the confluence-administrator group [3], newly created user accounts [3], and requests to specific endpoints [3]. Prompt patching is crucial, as Confluence is a popular target for cyber attackers. If immediate upgrading is not feasible, organizations are advised to implement the mitigations and regularly check for indicators of compromise [1]. It is worth noting that Atlassian has previously addressed similar vulnerabilities in Confluence Server and Data Center.
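The three indicators of compromise listed above can be turned into a repeatable check. The following Python script is an added example written for this page; it is not code from Atlassian or from any of the cited sources. It assumes three inputs that an administrator would export themselves: a JSON dump of the confluence-administrator group's members, a JSON list of user accounts with creation timestamps, and Tomcat-style access log lines. All sample data below is constructed, and the watched endpoint path is a placeholder that must be replaced with the endpoint paths named in Atlassian's advisory [1]; the field names (`username`, `created`) are assumptions about the export format, not Atlassian's documented API.

```python
import json
import re
from datetime import datetime, timezone

# --- Constructed sample inputs (not real data) ---------------------------------

# Assumed export of the admin group's membership (field names are assumptions).
ADMIN_GROUP_EXPORT = json.loads('''
{"results": [
  {"username": "alice",      "displayName": "Alice Admin"},
  {"username": "bob",        "displayName": "Bob Ops"},
  {"username": "svc_backup", "displayName": "Backup Service"}
]}
''')
ADMIN_MEMBERS = ADMIN_GROUP_EXPORT["results"]

# The administrators the organization actually approved (maintained out of band).
APPROVED_ADMINS = ["alice", "bob"]

# Assumed export of user accounts with ISO-8601 creation timestamps.
USERS = [
    {"username": "alice",      "created": "2022-01-10T09:00:00+00:00"},
    {"username": "bob",        "created": "2022-03-15T14:30:00+00:00"},
    {"username": "svc_backup", "created": "2023-10-05T02:13:44+00:00"},
]

# Review window: anything created after the baseline deserves a look.
BASELINE = datetime(2023, 10, 1, tzinfo=timezone.utc)

# PLACEHOLDER: replace with the endpoint paths listed in Atlassian's advisory.
WATCHED_PATHS = ["/PLACEHOLDER_ADVISORY_ENDPOINT"]

# Constructed access log lines in Tomcat/Apache combined-log style.
ACCESS_LOG_LINES = [
    '203.0.113.7 - - [05/Oct/2023:02:12:58 +0000] "GET /PLACEHOLDER_ADVISORY_ENDPOINT HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Oct/2023:02:13:40 +0000] "POST /PLACEHOLDER_ADVISORY_ENDPOINT?x=1 HTTP/1.1" 302 0',
    '198.51.100.4 - - [05/Oct/2023:08:00:01 +0000] "GET /display/HOME HTTP/1.1" 200 10240',
]

# --- Checks ----------------------------------------------------------------------

def unexpected_admins(members, approved):
    """Usernames present in the admin group but absent from the approved list."""
    return sorted({m["username"] for m in members} - set(approved))


def recently_created(users, since):
    """Usernames whose account creation time is at or after the baseline."""
    return sorted(
        u["username"] for u in users
        if datetime.fromisoformat(u["created"]) >= since
    )


LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(log_lines, watched_paths):
    """(ip, method, path, status) for every request whose path is on the watch list.

    The query string is stripped before comparison so that '/x?a=1' still matches '/x'.
    """
    watched = set(watched_paths)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        path = m.group("path").split("?", 1)[0]
        if path in watched:
            hits.append((m.group("ip"), m.group("method"), path, m.group("status")))
    return hits


def run_checks():
    """Run all three indicator checks and return the findings as one report."""
    return {
        "unexpected_admins": unexpected_admins(ADMIN_MEMBERS, APPROVED_ADMINS),
        "recent_accounts": recently_created(USERS, BASELINE),
        "watched_endpoint_hits": suspicious_requests(ACCESS_LOG_LINES, WATCHED_PATHS),
    }


if __name__ == "__main__":
    print(json.dumps(run_checks(), indent=2))
```

On the constructed data the report flags `svc_backup` twice (an admin nobody approved, created inside the review window) and two requests from the same source address to the watched path, which is the pattern an operator would escalate. In practice the three inputs would come from the instance's own exports and logs, and the approved-admin list should be kept outside Confluence so that an attacker with admin rights cannot edit it.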

Conclusion

This privilege-escalation vulnerability in Confluence poses a significant risk to affected systems. Organizations should take immediate action to patch their installations or upgrade to the fixed versions provided by Atlassian. Implementing measures to block network access to affected endpoints can also help mitigate the risk. It is important to regularly check for indicators of compromise and be aware of unexpected members in the confluence-administrator group or newly created user accounts. Atlassian’s previous efforts to address similar vulnerabilities in Confluence Server and Data Center highlight the ongoing importance of maintaining strong security measures for this platform.

References

[1] https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
[2] https://www.darkreading.com/application-security/critical-zero-day-atlassian-confluence-active-exploit
[3] https://www.tenable.com/blog/cve-2023-22515-zero-day-vulnerability-in-atlassian-confluence-data-center-and-server-exploited
[4] https://www.cisecurity.org/advisory/a-vulnerability-in-atlassian-confluence-server-and-data-center-could-allow-for-privilege-escalation_2023-115