Atlassian Confluence Data Center and Server broken access control

Added: 11/02/2023

Background

Atlassian Confluence is a collaboration and knowledge management application.

Problem

Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution.

Resolution

Upgrade to Confluence 8.3.3, 8.4.3, or 8.5.2 or higher.
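As an added triage aid (not part of this entry or of Atlassian's guidance), the helper below compares an observed Confluence version string against the fixed versions listed above, branch by branch; the function names are hypothetical, and versions below 8.3 are simply reported as below every listed fix since the entry does not state which earlier releases are affected.

```python
# Added example (not from the advisory or Atlassian): triage a Confluence
# Data Center/Server version string against the fixed versions this entry
# lists (8.3.3, 8.4.3, or 8.5.2 or higher). Helper names are hypothetical.
import re
from typing import Dict, Iterable, Tuple

# Fixed version per release branch, taken from the Resolution section.
FIXED_BY_BRANCH = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
}
FIXED_LATEST = (8, 5, 2)  # "8.5.2 or higher" covers 8.5.x and later branches


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]'; trailing suffixes such as '-beta1' are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_fixed_version(text: str) -> bool:
    """True if the version is at or above the fix listed for its branch.

    Assumption: versions below 8.3 are reported as not fixed because they sit
    below every fix version the entry lists; the entry does not say whether
    they are affected, so treat them as needing review, not as known-safe.
    """
    v = parse_version(text)
    branch_fix = FIXED_BY_BRANCH.get((v[0], v[1]))
    if branch_fix is not None:
        return v >= branch_fix
    return v >= FIXED_LATEST


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each observed version string to 'fixed' or 'upgrade'."""
    return {v: ("fixed" if is_fixed_version(v) else "upgrade") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version, verdict in triage(["8.3.2", "8.4.3", "8.5.1", "8.6.0"]).items():
        print(f"{version}: {verdict}")
```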

References

https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

Limitations

Upon successful exploitation, an administrator account is created which must be manually removed.