Atlassian Confluence Server - Improper Authorization CVE-2023-22518

Severity
CVSSv3 Score: 9.8
Vulnerability description

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

We recommend upgrading the affected software to the latest version, which mitigates this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Oct 31, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available