A critical zero-day vulnerability in Atlassian Confluence Data Center and Server has been exploited in the wild in a limited number of cases. Organizations should patch or apply the mitigation steps as soon as possible.
On October 4, Atlassian released a security advisory for CVE-2023-22515, a critical severity zero-day privilege escalation vulnerability in Confluence Data Center and Server that Atlassian says is “a previously unknown vulnerability” that has been exploited against a limited set of customers.
CVE-2023-22515 is a critical privilege escalation vulnerability affecting on-premise Atlassian Confluence Data Center and Server products. Successful exploitation could allow for the creation of administrator accounts that can be used to access Confluence instances. At the time this blog was published, no CVSSv3 score was included in the advisory, but according to Atlassian’s severity level ratings, this score would be in the range of 9.0 to 10.0.
While limited information is available in the security advisory and dedicated FAQ page from Atlassian, the mitigation steps do reveal the endpoint that is impacted. According to the mitigation steps, blocking network access to the /setup/* endpoints will mitigate the threat of exploitation of this vulnerability. Additionally, the advisory notes that the customers who reported being attacked by this vulnerability had their Confluence servers publicly accessible.
Atlassian confirmed that cloud instances (Confluence sites accessed with an atlassian.net domain) are not affected by this vulnerability.
Confluence remains a target for threat actors
Atlassian Confluence is a popular target for a variety of cybercriminals. In June of 2022, Atlassian published an advisory for CVE-2022-26134, another critical zero-day vulnerability affecting Confluence Server and Data Center. That remote code execution vulnerability was exploited by multiple threat actors who appear to have been operating out of China. When that advisory was published on June 2, 2022, no patches were available, only mitigation steps. However, a day later, patches were available along with a number of proof-of-concept scripts.
As of October 4, no public proof-of-concept code was found for CVE-2023-22515.
Atlassian has released patches for CVE-2023-22515 and provides a list of affected versions in its advisory:
| Affected Versions | Fixed Versions |
|---|---|
| Versions prior to 8.0.0 | Not affected |
| 8.0.0 - 8.0.3 | Upgrade to a fixed version below |
| 8.1.0, 8.1.3, 8.1.4 | Upgrade to a fixed version below |
| 8.2.0 - 8.2.3 | Upgrade to a fixed version below |
| 8.3.0 - 8.3.2 | 8.3.3 or later |
| 8.4.0 - 8.4.2 | 8.4.3 or later |
| 8.5.0, 8.5.1 | 8.5.2 (Long Term Support release) or later |
In addition, Atlassian provides mitigation steps that can be applied if your organization cannot immediately patch this issue. We strongly recommend that you apply the provided patch as soon as possible to reduce your exposure to this vulnerability.
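As an added example (not Tenable's or Atlassian's code), the helper below maps a Confluence version onto the advisory's version table and normalizes a request path to check whether it lands under the /setup/ endpoint named in the mitigation, which is useful for reviewing access logs or verifying a block rule. It assumes Confluence is served at the web root, so a deployment under a context path would need that prefix stripped first.

```python
"""Triage helpers for CVE-2023-22515 built from the advisory's version table
and its /setup/* mitigation (added example, not Tenable's or Atlassian's code)."""
import posixpath
import re
from urllib.parse import unquote

# Inclusive (first, last) ranges transcribed from the advisory table.
AFFECTED = [
    ((8, 0, 0), (8, 0, 3)),
    ((8, 1, 0), (8, 1, 0)), ((8, 1, 3), (8, 1, 3)), ((8, 1, 4), (8, 1, 4)),
    ((8, 2, 0), (8, 2, 3)),
    ((8, 3, 0), (8, 3, 2)),
    ((8, 4, 0), (8, 4, 2)),
    ((8, 5, 0), (8, 5, 1)),
]
# First fixed release per minor line; 8.0-8.2 have no fix and must move up.
FIXED = {(8, 3): (8, 3, 3), (8, 4): (8, 4, 3), (8, 5): (8, 5, 2)}


def parse_version(text):
    """'8.5.1' -> (8, 5, 1); rejects anything that is not three dotted integers."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Classify a version against the advisory table."""
    v = parse_version(text)
    if v < (8, 0, 0):
        return "not affected"
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        fix = FIXED.get(v[:2])
        if fix:
            return "affected; upgrade to %s or later" % ".".join(map(str, fix))
        return "affected; upgrade to 8.3.3, 8.4.3 or 8.5.2 or later"
    if v[:2] in FIXED and v >= FIXED[v[:2]]:
        return "fixed"
    return "not listed in the advisory table; check the advisory"


def hits_setup_endpoint(request_target):
    """True when a request target resolves under /setup/, the path the advisory
    says to block. Decodes percent-encoding and collapses '//' and '..' so that
    trivially obfuscated forms are judged the way the server would resolve them;
    the bare '/setup' is matched too so a trailing-slash rule is not missed."""
    path = request_target.split("?", 1)[0].split("#", 1)[0]
    path = posixpath.normpath(re.sub(r"/+", "/", unquote(path)))
    return path == "/setup" or path.startswith("/setup/")
```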
As part of its FAQ document, Atlassian outlines some indicators of potential compromise which can aid organizations in determining if they may have been impacted by this vulnerability. These indicators of compromise are:
A list of Tenable plugins to identify this vulnerability can be located on the individual CVE page for CVE-2023-22515 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
Scott joined Tenable in 2012 as a Research Engineer on the Nessus Plugins team. Over the years, he has written hundreds of plugins for Nessus, and reviewed code for even more from his time being a team lead and manager of the Plugins team. Previously leading the Security Response team and the Zero Day Research team, Scott is currently a member of the Security Response team, helping the research organization respond to the latest threats. He has over a decade of experience in the industry with previous work in the Security Operations Center (SOC) for a major domain registrar and web hosting provider. Scott is a current CISSP and actively maintains his GIAC GWAPT Web Application Penetration Tester certification.
Interests outside of work: Scott enjoys spending time with his family, camping, fishing and being outdoors. He also enjoys finding ways to break web applications and home renovation projects.