Improper Authorization Vulnerability In Confluence Data Center and Server

02 Nov 2023
As part of Atlassian's ongoing monitoring of this CVE, we observed publicly posted critical information about the vulnerability, which increases the risk of exploitation. There are still no reports of active exploitation, but customers must take immediate action to protect their instances.

31 Oct 2023
As part of our continuous security assessment processes, we have discovered that Confluence Data Center and Server customers are vulnerable to significant data loss if the flaw is exploited by an unauthenticated attacker. There are no reports of active exploitation at this time; customers must take immediate action to protect their instances.

Protecting customers' instances is our top priority, and our prompt response demonstrates our dedication to ensuring the safety of our customers and your data. Atlassian is always reviewing security measures to reduce security risks and support our customers in taking timely action. Customers can expect to receive high-priority patches outside of our monthly advisory schedule as necessary. We believe that taking proactive action is the best approach and we appreciate your ongoing partnership.

Affected Systems

Affected Versions
This Improper Authorization vulnerability affects all versions of Confluence Data Center and Server prior to the listed fix versions. Atlassian recommends patching to the fixed LTS version or later.

Product: Confluence Data Center and Server
Affected Versions: All versions are affected

IoCs

-

Recommended Solution(s)

-

Mitigations

Immediately patch to a fixed version. Atlassian recommends that you patch each of your affected installations to one of the fixed versions listed below (or the latest version).

Product: Confluence Data Center and Server
Fixed Versions:
  7.19.16
  8.3.4
  8.4.4
  8.5.3
  8.6.1
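As an added check (not part of Atlassian's advisory), the following Python script compares installed Confluence version strings against the fix versions listed above and flags instances that still need patching. How release lines without a listed fix version and versions newer than 8.6.1 are treated is an assumption, documented in the code.

```python
"""Check installed Confluence versions against the CVE-2023-22518 fix list.
Added example for triage, not Atlassian code."""
import re

# Fix versions exactly as listed in the advisory.
FIXED_VERSIONS = ["7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1"]


def parse_version(text):
    """Turn '8.5.3' (or '8.5.3-rc1') into a comparable tuple (8, 5, 3)."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_fixed(installed):
    """Return True if `installed` is a listed fix version or later.

    Assumption (not stated by the advisory): a release line with a listed
    fix version (e.g. 8.4.x) is fixed from that patch level upward, and any
    version newer than the highest listed fix (8.6.1) is also fixed.
    Release lines with no listed fix (e.g. 8.0.x to 8.2.x, 7.18.x) are
    reported as affected, since the advisory lists no fix for them.
    """
    v = parse_version(installed)
    fixes = sorted(parse_version(f) for f in FIXED_VERSIONS)
    if v >= fixes[-1]:
        return True
    for fix in fixes:
        if v[:2] == fix[:2]:  # same major.minor release line
            return v >= fix
    return False


def triage(versions):
    """Map each installed version to 'fixed' or 'affected - patch now'."""
    return {ver: ("fixed" if is_fixed(ver) else "affected - patch now")
            for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["7.19.15", "7.19.16", "8.2.3", "8.5.2", "8.5.3", "8.7.0"]
    for ver, status in triage(sample).items():
        print(f"Confluence {ver}: {status}")
```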

CVE / CWE

CVE-2023-22518

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.