
Critical Atlassian Confluence flaw with vulnerability score of 10 draws federal warning

posted on October 16, 2023
by l33tdawg
Credit: Silicon Angle

The U.S. Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation and the Multi-State Information Sharing and Analysis Center today released a Cybersecurity Advisory over a recently disclosed vulnerability in Atlassian Corp.’s Confluence Data Center and Server that opens the door to malicious cyber threat actors.

Tracked as CVE-2023-22515, the vulnerability carries a CVSS (Common Vulnerability Scoring System) score of 10, the highest possible rating. It is a critical Broken Access Control flaw affecting Atlassian Confluence Data Center and Server versions 8.0.0 through 8.5.1.

Using the vulnerability, unauthenticated remote threat actors can create unauthorized Confluence administrator accounts and gain access to Confluence instances. With that access, a threat actor can alter the Confluence server’s configuration to indicate that setup is not complete, then use the /setup/setupadministrator.action endpoint to create a new administrator user. The vulnerability is said to be triggered via a request to the unauthenticated /server-info.action endpoint.
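The two facts in the paragraphs above that an operator can act on immediately are the affected version range and the two endpoint names. The script below is an added example written for this page, not code from Silicon Angle, Atlassian or CISA: it checks whether a Confluence version falls in the 8.0.0 through 8.5.1 range, and it scans access-log lines for requests to /server-info.action and /setup/setupadministrator.action, flagging any client that touched both. The log lines are constructed for the example, and the log format (a Tomcat-style common log line, with Confluence deployed under a /confluence context path) is an assumption; adjust the regex for your own access logs.

```python
"""Triage helper for the CVE-2023-22515 advisory (added example).

Assumptions (not from the article): access logs are in Tomcat common log
format, versions are plain x.y.z strings, and Confluence may sit under a
context path such as /confluence, so endpoint paths are matched by suffix.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Affected range named in the article: 8.0.0 through 8.5.1 inclusive.
AFFECTED_MIN = (8, 0, 0)
AFFECTED_MAX = (8, 5, 1)

# Endpoints named in the article and why a hit is worth a look.
SUSPICIOUS_PATHS = {
    "/server-info.action": "unauthenticated endpoint the flaw is triggered through",
    "/setup/setupadministrator.action": "setup endpoint; should never be hit after initial setup",
}

# Tomcat-style common log line (assumed format, constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '8.5.1' into (8, 5, 1); missing components default to 0."""
    nums = [int(p) for p in version.strip().split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """True if the version lies within the article's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def scan_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per request to either endpoint of interest."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        path = m.group("path").split("?", 1)[0]  # drop any query string
        for suffix, reason in SUSPICIOUS_PATHS.items():
            if path.endswith(suffix):
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "method": m.group("method"),
                    "path": path,
                    "status": m.group("status"),
                    "reason": reason,
                })
    return hits


def clients_hitting_both(hits: List[Dict[str, str]]) -> Set[str]:
    """Clients that requested both endpoints: the strongest signal here,
    since the article describes the two being used in sequence."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for h in hits:
        for suffix in SUSPICIOUS_PATHS:
            if h["path"].endswith(suffix):
                seen[h["ip"]].add(suffix)
    return {ip for ip, paths in seen.items() if len(paths) == len(SUSPICIOUS_PATHS)}


# Constructed sample log lines; 203.0.113.7 is a documentation address.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Oct/2023:10:01:02 +0000] "GET /confluence/dashboard.action HTTP/1.1" 200 4120',
    '203.0.113.7 - - [16/Oct/2023:10:03:15 +0000] "GET /confluence/server-info.action HTTP/1.1" 302 0',
    '203.0.113.7 - - [16/Oct/2023:10:03:16 +0000] "POST /confluence/setup/setupadministrator.action HTTP/1.1" 302 0',
    '10.0.0.8 - - [16/Oct/2023:10:05:00 +0000] "GET /confluence/rest/api/content HTTP/1.1" 200 880',
    'not a log line at all',
]

if __name__ == "__main__":
    for v in ("7.19.16", "8.0.0", "8.5.1", "8.5.2"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'not in range'}")
    found = scan_access_log(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['ip']} {h['method']} {h['path']} {h['status']}  <- {h['reason']}")
    print("clients hitting both endpoints:", sorted(clients_hitting_both(found)))
```

A single request to /server-info.action is not proof of anything on its own, since the endpoint is reachable without authentication by design; the combination of that request, a request to the setup endpoint and a version inside the affected range is what should trigger a closer look at the instance's administrator list.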
