Lucene search

AttackerKBAKB:B9B1AC9A-9261-45CF-BEA4-A10D76960C24

HistoryOct 31, 2023 - 12:00 a.m.

CVE-2023-22518

2023-10-3100:00:00

attackerkb.com

confluence data center

confluence server

improper authorization

unauthenticated attacker

administrator account

confidentiality

integrity

availability

atlassian cloud

atlassian.net

ransomware deployment

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

87.0%

JSON

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to – but not limited to – full loss of confidentiality, integrity and availability.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Recent assessments:

cbeek-r7 at November 06, 2023 3:53pm UTC reported:

Rapid7 observed as of November 5, 2023, exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 4