Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-22518
HistoryOct 31, 2023 - 3:15 p.m.

CVE-2023-22518

2023-10-3115:15:08
CWE-863
[email protected]
web.nvd.nist.gov
cve-2023-22518
improper authorization
confluence
atlassian
confidentiality
integrity
availability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.966 High

EPSS

Percentile

99.6%

JSON

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Affected configurations

NVD
Node
atlassianconfluence_data_centerRange1.0.07.19.16
OR
atlassianconfluence_data_centerRange7.20.08.3.4
OR
atlassianconfluence_data_centerRange8.4.08.4.4
OR
atlassianconfluence_data_centerRange8.5.08.5.3
OR
atlassianconfluence_data_centerMatch8.6.0
Node
atlassianconfluence_serverRange1.0.07.19.16
OR
atlassianconfluence_serverRange7.20.08.3.4
OR
atlassianconfluence_serverRange8.4.08.4.4
OR
atlassianconfluence_serverRange8.5.08.5.3
OR
atlassianconfluence_serverMatch8.6.0

Related

talosblog 1
nuclei 1
githubexploit 8
hivepro 1
nessus 2
zdt 1
trendmicroblog 1
prion 1
cisa_kev 1
metasploit 1
attackerkb 1
thn 5
cvelist 1
cve 1
packetstorm 1
malwarebytes 1
wallarmlab 2
rapid7blog 3
impervablog 1
qualysblog 1
talosblog
talosblog
A new video series, Google Forms spam and the various gray areas of cyber attacks
2023-11-09 19:00:43
nuclei
nuclei
Atlassian Confluence Server - Improper Authorization
2023-11-02 18:36:47
githubexploit
githubexploit
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
2023-11-28 03:33:16
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
2023-10-31 05:35:00
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
2023-11-05 06:45:33
hivepro
hivepro
Atlassian’s Latest Critical Confluence Flaw Poses Risk of Data Loss
2023-11-01 12:39:26
nessus
nessus
Atlassian Confluence Authentication Bypass (CONFSERVER-93142) (Direct Check)
2023-11-08 00:00:00
Atlassian Confluence < 7.19.16 / 8.x < 8.3.4 / 8.4.x < 8.4.4 / 8.5.x < 8.5.3 / 8.6.x < 8.6.1 (CONFSERVER-93142)
2023-10-31 00:00:00
zdt
zdt
Atlassian Confluence Improper Authorization / Code Execution Exploit
2023-12-19 00:00:00
trendmicroblog
trendmicroblog
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
2023-11-10 00:00:00
prion
prion
Authorization
2023-10-31 15:15:00
cisa_kev
cisa_kev
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
2023-11-07 00:00:00
metasploit
metasploit
Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)
2023-11-22 03:14:27
attackerkb
attackerkb
CVE-2023-22518
2023-10-31 00:00:00
thn
thn
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
2024-04-17 10:57:00
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss
2023-10-31 11:16:00
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers
2023-11-10 08:58:00
cvelist
cvelist
CVE-2023-22518
2023-10-31 14:30:00
cve
cve
CVE-2023-22518
2023-10-31 15:15:08
packetstorm
packetstorm
Atlassian Confluence Improper Authorization / Code Execution
2023-12-19 00:00:00
malwarebytes
malwarebytes
[updated] Atlassian: &#8220;Take immediate action&#8221; to patch your Confluence Data Center and Server instances
2023-11-02 12:54:23
wallarmlab
wallarmlab
Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)
2023-11-10 22:27:33
Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)
2024-01-30 18:40:35
rapid7blog
rapid7blog
Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
2023-11-06 15:31:47
Metasploit Weekly Wrap-Up
2023-12-22 16:32:56
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
2024-01-19 15:40:43
impervablog
impervablog
Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server
2023-11-03 22:58:05
qualysblog
qualysblog
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
2024-03-25 15:44:18

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.966 High

EPSS

Percentile

99.6%

JSON
Related for NVD:CVE-2023-22518
talosblog1nuclei1githubexploit8hivepro1nessus2zdt1trendmicroblog1prion1cisa_kev1metasploit1attackerkb1thn5cvelist1cve1packetstorm1malwarebytes1wallarmlab2rapid7blog3impervablog1qualysblog1