Fortra’s Alert Logic is actively researching a critical zero-day privilege escalation vulnerability affecting on-premise Atlassian Confluence Data Center and Server products. This vulnerability, CVE-2023-22515, could allow the creation of administrator accounts that can be used to access Confluence instances on publicly accessible servers. Affected customers are strongly urged to upgrade their affected installations.
Who is affected?
The affected versions of Confluence Data Center and Server are listed below.
- 8.0.0 - 8.0.4
- 8.1.0 - 8.1.4
- 8.2.0 - 8.2.3
- 8.3.0 - 8.3.2
- 8.4.0 - 8.4.2
- 8.5.0 - 8.5.1
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
What can I do?
Atlassian recommends upgrading each affected installation to one of the following fixed versions or any later version.
- 8.3.3 or later
- 8.4.3 or later
- 8.5.2 or later
For more information on this vulnerability and suggested mitigation, refer to the security bulletin published by Atlassian.
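To triage an inventory of Confluence Data Center and Server hosts against the version lists above, the following added example (not Alert Logic or Atlassian code) classifies each reported version string and suggests the nearest fixed release named in this article. The host names, version strings and function names are constructed for illustration.

```python
import re

# Affected ranges and fixed releases exactly as listed in this article.
AFFECTED = [
    ((8, 0, 0), (8, 0, 4)), ((8, 1, 0), (8, 1, 4)), ((8, 2, 0), (8, 2, 3)),
    ((8, 3, 0), (8, 3, 2)), ((8, 4, 0), (8, 4, 2)), ((8, 5, 0), (8, 5, 1)),
]
FIXED = [(8, 3, 3), (8, 4, 3), (8, 5, 2)]

# Exactly three dotted numbers; rejects four-part strings such as IP addresses.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![.\d])")


def parse_version(text):
    """Return (major, minor, patch) from e.g. 'Confluence 8.5.0-m12', else None.

    Assumption: a build or pre-release suffix is ignored, so '8.5.0-m12'
    is handled as 8.5.0.
    """
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(version_text):
    """Return (status, suggested_fixed_version) for one version string."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)  # needs manual review, never silently passed
    if any(low <= v <= high for low, high in AFFECTED):
        # Nearest fixed release listed in the article that is newer than v.
        target = min(f for f in FIXED if f > v)
        return ("affected", ".".join(map(str, target)))
    # Not in the article's affected list; this says nothing about other issues.
    return ("not_listed", None)


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and version strings).
    sample = {
        "wiki-prod": "8.4.1", "wiki-dr": "Confluence 8.0.4",
        "wiki-lab": "8.5.2", "wiki-old": "7.19.16", "wiki-x": "n/a",
    }
    for host, result in triage_inventory(sample).items():
        print(host, *result)
```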
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities.
Vulnerability Scanning: Alert Logic released scan coverage to identify CVE-2023-22515. An authenticated scan will check for the version of Atlassian Data Center or Server. If a vulnerable version is found, an exposure will be raised for CVE-2023-22515.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Network IDS: Alert Logic has deployed IDS signatures to detect exploit attempts for this vulnerability and aid in further detection research.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.