2023-10-5 03:1:57 Author: www.tenable.com(查看原文) 阅读量:44 收藏
A critical zero-day vulnerability in Atlassian Confluence Data Center and Server has been exploited in the wild in a limited number of cases. Organizations should patch or apply the mitigation steps as soon as possible.
Background
On October 4, Atlassian released a security advisory for CVE-2023-22515, a critical severity zero-day privilege escalation vulnerability in Confluence Data Center and Server that Atlassian says is “a previously unknown vulnerability” that has been exploited against a limited set of customers.
Analysis
CVE-2023-22515 is a critical privilege escalation vulnerability affecting on-premise Atlassian Confluence Data Center and Server products. Successful exploitation could allow for the creation of administrator accounts that can be used to access Confluence instances. At the time this blog was published, no CVSSv3 score was included in the advisory, but according to Atlassian’s severity level ratings, this score would be in the range of 9.0 to 10.0.
While limited information is available in the security advisory and dedicated FAQ page from Atlassian, the mitigation steps do reveal the endpoint that is impacted. According to the mitigation steps, blocking network access to the /setup/* endpoints will mitigate the threat of exploitation of this vulnerability. Additionally, the advisory notes that the customers who reported being attacked by this vulnerability had their Confluence servers publicly accessible.
Atlassian confirmed that cloud instances (Confluence sites accessed with a atlassian.net domain) are not affected by this vulnerability.
Confluence remains a target for threat actors
Atlassian Confluence is a popular target for a variety of cybercriminals. In June of 2022, Atlassian published an advisory for CVE-2022-26134, another critical zero-day vulnerability affecting Confluence Server and Data Center. The remote code execution vulnerability was exploited by multiple threat actors who appear to have been operating out of China. When that advisory was published on June 2, 2022, no patches were available, only mitigation steps. However a day later, patches were available along with a number of proof-of-concept scripts.
Proof of concept
As of October 4, no public proof-of-concept code was found for CVE-2023-22515.
Solution
Atlassian has released patches for CVE-2023-22515 and provides a list of affected versions in its advisory:
| Affected Versions | Fixed Versions |
|---|---|
| Versions prior to 8.0.0 | Not affected |
| 8.0.0 - 8.0.3 | Upgrade to a fixed version below |
| 8.1.0, 8.1.3, 8.1.4 | Upgrade to a fixed version below |
| 8.2.0 - 8.2.3 | Upgrade to a fixed version below |
| 8.3.0 - 8.3.2 | 8.3.3 or later |
| 8.4.0 - 8.4.2 | 8.4.3 or later |
| 8.5.0, 8.5.1 | 8.5.2 (Long Term Support release) or later |
In addition, Atlassian provides mitigation steps that can be applied if your organization cannot immediately patch this issue. We strongly recommend that you apply the provided patch as soon as possible to reduce your risk to this vulnerability.
As part of its FAQ document, Atlassian outlines some indicators of potential compromise which can aid organizations in determining if they may have been impacted by this vulnerability. These indicators of compromise are:
- unexpected members of the confluence-administrator group
- unexpected newly created user accounts
- requests to /setup/*.action in network access logs
- presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory
Identifying affected systems
A list of Tenable plugins to identify this vulnerability can be located on the individual CVE page for CVE-2023-22515 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
Get more information
- Atlassian Security Advisory : CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server
- Atlassian KB: FAQ for CVE-2023-22515
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Scott Caveza
Scott joined Tenable in 2012 as a Research Engineer on the Nessus Plugins team. Over the years, he has written hundreds of plugins for Nessus, and reviewed code for even more from his time being a team lead and manager of the Plugins team. Previously leading the Security Response team and the Zero Day Research team, Scott is currently a member of the Security Response team, helping the research organization respond to the latest threats. He has over a decade of experience in the industry with previous work in the Security Operations Center (SOC) for a major domain registrar and web hosting provider. Scott is a current CISSP and actively maintains his GIAC GWAPT Web Application Penetration Tester certification.
Interests outside of work: Scott enjoys spending time with his family, camping, fishing and being outdoors. He also enjoys finding ways to break web applications and home renovation projects.
Related Articles
- Exposure Management
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
65 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Try Tenable Nessus Professional Free
FREE FOR 7 DAYS
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
NEW - Tenable Nessus Expert
Now Available
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro Trial.
Buy Tenable Nessus Professional
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
BUY
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
65 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Try Tenable Web App Scanning
Formerly Tenable.io Web Application Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Buy Tenable Web App Scanning
Formerly Tenable.io Web Application Scanning
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Try Tenable Lumin
Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.
Buy Tenable Lumin
Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.
Thank You
Thank you for your interest in Tenable Lumin. A representative will be in touch soon.
Request a demo of Tenable Security Center
Formerly Tenable.sc
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Request a demo of Tenable OT Security
Formerly Tenable.ot
Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.
Request a demo of Tenable Identity Exposure
Formerly Tenable.ad
Continuously detect and respond to Active Directory attacks. No agents. No privileges.
On-prem and in the cloud.
Request a Demo of Tenable Cloud Security
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
Thank You
Thank you for your interest in Tenable Cloud Security. A representative will be in touch soon.
See
Tenable One
In Action
Exposure management for the modern attack surface.
See Tenable Attack Surface Management In Action
Formerly Tenable.asm
Know the exposure of every asset on any platform.
Thank You
Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.
Try Tenable Nessus Expert Free
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Buy Tenable Nessus Expert
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Try Nessus Expert Free
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Buy Tenable Nessus Expert
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
如有侵权请联系:admin#unsafe.sh