Service Notices
Atlassian Confluence Improper Authorization Vulnerability (CVE-2023-22518)
Nov 02, 2023 GMT+08:00
I. Overview
Atlassian has published a security advisory for CVE-2023-22518, an improper authorization vulnerability that affects all versions of Confluence Data Center and Confluence Server. An unauthenticated remote attacker can send crafted requests to the instance's setup/restore endpoints to reset the instance and create an administrator account, gaining full administrative control. Successful exploitation therefore results in loss of the instance's data as well as full compromise of its confidentiality, integrity and availability; the vulnerability is not a code execution bug in itself, although an attacker with administrative access can go on to perform any administrative action.
Atlassian Confluence is an enterprise knowledge management and collaboration platform, commonly used to build corporate wikis. If you run Confluence Server or Data Center, check your version and apply the fix promptly.
References:
II. Severity
Severity: important (Atlassian's own advisory rates this vulnerability critical)
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
All Confluence Data Center and Server versions (Atlassian Cloud sites are not affected)
Secure versions:
Atlassian Confluence >= 7.19.16
Atlassian Confluence >= 8.3.4
Atlassian Confluence >= 8.4.4
Atlassian Confluence >= 8.5.3
Atlassian Confluence >= 8.6.1
IV. Vulnerability Handling
The fix is available in the versions listed above. If your instance runs an affected version, upgrade to the fixed release for your branch, or to any later release, which you can obtain from the download archive:
https://www.atlassian.com/software/confluence/download-archives
If the upgrade cannot be performed immediately, apply the interim measures recommended by Atlassian; note that these measures reduce exposure but do not replace the upgrade:
1. Back up the instance by referring to the following link:
https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html
2. Restrict access to the instance to an allow-list of trusted IP addresses. If the instance must stay reachable, also block the /json/setup-restore.action, /json/setup-restore-local.action and /json/setup-restore-progress.action endpoints at your reverse proxy or firewall, as Atlassian's advisory recommends.
3. If possible, take the instance off the Internet until the upgrade can be performed. Before and after upgrading, check for signs of compromise, such as unexpected administrator accounts or an instance that has been reset; upgrading does not evict an attacker who already holds administrative access.
Note: Back up the instance and test the fix in a non-production environment before applying it.
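The following POSIX shell helpers are an added example for this notice, not code from Atlassian or from the notice's author. They turn the two practical checks above into something you can run against a fleet: `confluence_is_fixed` decides whether a version string carries the fix, using the fixed releases listed in section III, and `setup_restore_hits` counts access-log lines that touch the setup-restore endpoints Atlassian advises blocking. Assumptions that the notice does not state: version strings look like `major.minor[.patch][-suffix]`, 8.7.x and later count as fixed because those branches were released after the fix, and the sample log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example (not Atlassian's code and not from the notice). Two helpers for
# triaging Confluence Server / Data Center hosts against CVE-2023-22518:
#   confluence_is_fixed VERSION  exits 0 if VERSION is a fixed release, 1 if not
#   setup_restore_hits           counts access-log lines (stdin) that touch the
#                                setup-restore endpoints Atlassian advises blocking
# Assumptions not in the notice: versions look like "major.minor[.patch][-suffix]",
# and 8.7.x or later counts as fixed because those branches postdate the fix.

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Fixed releases per branch, as listed in the notice: 7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1
confluence_is_fixed() {
    ver=$1
    case "$ver" in *.*) ;; *) return 1 ;; esac    # need at least major.minor
    major=${ver%%.*}
    rest=${ver#*.}
    case "$rest" in
        *.*) minor=${rest%%.*}; patch=${rest#*.} ;;
        *)   minor=$rest;        patch=0 ;;
    esac
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}   # drop "-jdk17"-style suffixes
    patch=${patch:-0}
    is_num "$major" && is_num "$minor" && is_num "$patch" || return 1
    if [ "$major" -gt 8 ]; then return 0; fi
    if [ "$major" -eq 8 ]; then
        case "$minor" in
            3) [ "$patch" -ge 4 ] ;;     # 8.3.4
            4) [ "$patch" -ge 4 ] ;;     # 8.4.4
            5) [ "$patch" -ge 3 ] ;;     # 8.5.3
            6) [ "$patch" -ge 1 ] ;;     # 8.6.1
            *) [ "$minor" -ge 7 ] ;;     # 8.0-8.2 have no fixed release; 8.7+ assumed fixed
        esac
        return $?
    fi
    if [ "$major" -eq 7 ] && [ "$minor" -eq 19 ]; then
        [ "$patch" -ge 16 ]              # 7.19.16; 7.18 and earlier have no fixed release
        return $?
    fi
    return 1
}

# Count requests to the three setup-restore endpoints named in Atlassian's
# advisory, reading a combined-format access log (Tomcat or reverse proxy) from
# stdin. The pattern is not anchored to the start of the path so that instances
# served under a context path (e.g. /confluence/json/...) are matched too.
# Legitimate administrator restores hit the same paths, so treat a non-zero
# count as a lead to verify against change records, not as proof of compromise.
setup_restore_hits() {
    grep -Ec '/json/setup-restore(-local|-progress)?\.action' || true
}

# Constructed sample log lines (not real traffic) for the demo below.
SAMPLE_LOG='203.0.113.7 - - [01/Nov/2023:10:14:02 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 1024 "-" "python-requests/2.31.0"
203.0.113.7 - - [01/Nov/2023:10:14:03 +0000] "GET /json/setup-restore-progress.action HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
192.0.2.5 - - [01/Nov/2023:10:15:10 +0000] "GET /display/DOCS/Home HTTP/1.1" 200 9345 "-" "Mozilla/5.0"'

# Demo on constructed input.
for v in 7.19.15 7.19.16 8.2.0 8.5.2 8.5.3 8.7.1; do
    if confluence_is_fixed "$v"; then echo "$v: fixed"; else echo "$v: affected, upgrade"; fi
done
echo "setup-restore hits in sample log: $(printf '%s\n' "$SAMPLE_LOG" | setup_restore_hits)"
```

Feed `confluence_is_fixed` the version shown in the instance's footer or on its administration page, and pipe your real access logs into `setup_restore_hits` (for example `cat access_log.* | setup_restore_hits`). Because the endpoint pattern matches legitimate restores as well, any hit from an address outside your allow-list, or from a client such as a scripting library rather than a browser, is the one to investigate first.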