Date of Notice: 10/16/2023
Action Level - Critical - CVE Score: 10/10
As part of our Edgeguard service, MCNC would like to make you aware of new threats affecting Atlassian Confluence server. The Cybersecurity and Infrastructure Security Agency (CISA) published an article on 10/16/2023 concerning a critical vulnerability in the Atlassian Confluence Ticketing Platform. The vulnerability has been reported as CVE-2023-22515; the vulnerability exists in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. Further information concerning the vulnerability can be found at CISA’s site and at Atlassian's site as well.
Atlassian Confluence servers running the affected versions listed as well as those not hosted by Atlassian. The vulnerability affects the following versions of Confluence: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.3, 8.1.4, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.5.0, 8.5.1.
The vulnerability is triggered via a request on the unauthenticated /server-info.action endpoint.
This attack can be performed if you have any of the vulnerable Atlassian Confluence Data Center and Server versions publicly accessible from the internet.
Remediation steps can be found here at Atlassian’s site.