
ESB-2023.6313 – ALERT [Win][UNIX/Linux] Confluence Data Center and Server: CVSS (Max): 9.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2023.6313
CVE-2023-22518 – Improper Authorization Vulnerability In
Confluence Data Center and Server
1 November 2023

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:          Confluence Data Center
                  Confluence Server
Publisher:        Atlassian
Operating System: Windows
                  UNIX variants (UNIX, Linux, OSX)
Resolution:       Patch/Upgrade
CVE Names:        CVE-2023-22518

Original Bulletin:
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html

Comment: CVSS (Max):  9.1 CVE-2023-22518 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
         CVSS Source: Atlassian
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2023-22518 – Improper Authorization Vulnerability in Confluence Data Center
and Server

+---------------+-------------------------------------------------------------+
|Summary        |CVE-2023-22518 - Improper Authorization Vulnerability in     |
|               |Confluence Data Center and Server                            |
+---------------+-------------------------------------------------------------+
|Advisory       |Tues, Oct 31 2023 00:00 EST                                  |
|Release Date   |                                                             |
+---------------+-------------------------------------------------------------+
|Products       | o Confluence Data Center                                    |
|               | o Confluence Server                                         |
+---------------+-------------------------------------------------------------+
|CVE ID         |CVE-2023-22518                                               |
+---------------+-------------------------------------------------------------+
|Related Jira   | o CONFSERVER-93142                                          |
|Ticket(s)      |                                                             |
+---------------+-------------------------------------------------------------+

Summary of Vulnerability

An Important Message from Bala Sathaimurthy, Chief Information Security Officer (CISO)

As part of our continuous security assessment processes, we have discovered
that Confluence Data Center and Server customers are vulnerable to significant
data loss if exploited by an unauthenticated attacker. There are no reports of
active exploitation at this time; however, customers must take immediate
action to protect their instances. Please read the Critical Security
Advisory below for instructions and vulnerability details.

Protecting customers’ instances is our top priority, and our prompt response
demonstrates our dedication to ensuring the safety of our customers and your
data. Atlassian is always reviewing security measures to reduce security risks
and support our customers in taking timely action. Customers can expect to
receive high-priority patches outside of our monthly advisory schedule as
necessary. We believe that taking proactive action is the best approach and we
appreciate your ongoing partnership.

All versions of Confluence Data Center and Server are affected by this
unexploited vulnerability. There is no impact to confidentiality as an attacker
cannot exfiltrate any instance data.

Publicly accessible Confluence Data Center and Server versions as listed below
are at critical risk and require immediate attention. See ‘What You Need to Do’
for detailed instructions.

Atlassian Cloud sites are not affected by this vulnerability. If your
Confluence site is accessed via an atlassian.net domain, it is hosted by
Atlassian and is not vulnerable to this issue.

Severity

Atlassian rates the severity level of this vulnerability as critical (9.1 with
the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) per our
internal assessment.
This is our assessment, and you should evaluate its applicability to your own
IT environment.

Affected Versions

This Improper Authorization vulnerability affects all versions prior to the
listed fix versions of Confluence Data Center and Server. Atlassian recommends
patching to the fixed LTS version or later.

+---------------------------------+-------------------------+
| Product                         | Affected Versions       |
+---------------------------------+-------------------------+
|Confluence Data Center and Server|All versions are affected|
+---------------------------------+-------------------------+

What You Need To Do

Immediately patch to a fixed version

Atlassian recommends that you patch each of your affected installations to one
of the listed fixed versions (or any later version) below.

+---------------------------------+--------------------+
| Product                         | Fixed Versions     |
+---------------------------------+--------------------+
|                                 | o 7.19.16 or later|
|                                 | o 8.3.4 or later  |
|Confluence Data Center and Server| o 8.4.4 or later  |
|                                 | o 8.5.3 or later  |
|                                 | o 8.6.1 or later  |
+---------------------------------+--------------------+
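Added example, not Atlassian's or AusCERT's code: a small Python check that compares an installed Confluence Data Center or Server version against the fixed versions in the table above. It assumes a version string of the form major.minor.patch (a trailing suffix such as -rc1 is ignored) and treats any release in a maintenance branch the table does not list (for example 8.0.x, 8.1.x or 8.2.x) as affected, since the advisory offers no fixed release in those branches; releases newer than the 8.6 branch are taken to be covered by "8.6.1 or later". Both readings are assumptions of this example. The sample inventory in the block is constructed.

```python
"""
Added example (not Atlassian's or AusCERT's code): decide whether an installed
Confluence Data Center/Server version is at or above one of the fixed versions
listed in the CVE-2023-22518 advisory.
"""
from __future__ import annotations
import re

# Fixed versions exactly as the advisory's table lists them.
FIXED_VERSIONS = ["7.19.16", "8.3.4", "8.4.4", "8.5.3", "8.6.1"]

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch'; anything after the patch number is ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


_FIXED = [parse_version(v) for v in FIXED_VERSIONS]
# Map each maintenance branch (major, minor) to its first fixed patch level.
_FIX_BY_BRANCH = {(maj, mnr): patch for maj, mnr, patch in _FIXED}
_HIGHEST_FIXED_BRANCH = max(_FIX_BY_BRANCH)


def is_fixed(version: str) -> bool:
    """True if the version is one of the listed fixed releases or later."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in _FIX_BY_BRANCH:
        return patch >= _FIX_BY_BRANCH[branch]
    # Assumption: "8.6.1 or later" covers every branch newer than 8.6, while
    # unlisted older branches (8.0.x-8.2.x, 7.18.x, ...) have no fix and are
    # reported as affected.
    return branch > _HIGHEST_FIXED_BRANCH


def assess(versions: list[str]) -> dict[str, str]:
    """Return a verdict per version string for a quick inventory review."""
    return {
        v: ("fixed" if is_fixed(v) else "AFFECTED - patch or isolate")
        for v in versions
    }


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts or findings.
    sample = ["7.19.15", "7.19.16", "8.2.0", "8.5.2", "8.5.3", "8.7.0"]
    for v, verdict in assess(sample).items():
        print(f"{v:>8}: {verdict}")
```

Feed it the version strings you collect from each instance (for example from the Confluence administration console or the installation's own version metadata) and anything reported as AFFECTED goes onto the patch-or-isolate list from the mitigation section below.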

Apply temporary mitigations if unable to patch

1. Back up your instance. (Instructions:
   https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html)
2. Remove your instance from the internet until you can patch, if possible.
   Instances accessible to the public internet, including those with user
   authentication, should be restricted from external network access until you
   can patch.

Frequently Asked Questions (FAQ)

More details can be found at the Frequently Asked Questions (FAQ) page.

Support

If you did not receive an email for this advisory, and you wish to receive such
emails in the future go to https://my.atlassian.com/email and subscribe to
Alerts emails. If you have questions or concerns regarding this advisory,
please raise a support request at https://support.atlassian.com/.

Last modified on Oct 31, 2023

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBZUGE9ckNZI30y1K9AQh01Q/+OSUe9lu4v4C8Z805KH6lU7njuewnMM67
TKwWTLUFY+TrHn65QxfdQkeEWdue5hnYIkQSvEaRnca2G3702JTPcUrX9SFLrbSB
uCCWEJ+ekMEKeDUPFmOj4Y8xOuPPFSFpWTLiyehNyQtVrWXh2QScy4KXvvzCwFNt
Cb8fdm6Dq986B9RvVCayyf6tKJqaTvzZ30qAyRWozTgU20S8bQF3C0zgpVrX8HlR
69dTESOXw9s0gQ4558v3ttMLZojKfatk3cM0m/M7g8jJo9jJm/dj4QrQerEvfzYE
dF0CEGOdEO1jkjlfqCl0wIvHdpCz0L/f2K36mSEQEtZGw8rS0nM93qzOvL3mQwMa
2AKehH7tZSSNeRyHNl0MWrynVDLaao0Vxn/DWBDqHlCjO5lRJEV2KfU3TqyZXf4n
XZpbGLsJAO/JOabIedMRkrojQxVD93IBJhq5As078kVSZdcVmU6Vr2vUorN4y/A+
G+qwYrSZacJ9ycmv9cyTIzlYbr/9KNVVpSVI2aUe3WZmXI30ad8a7Mjbr4pu+8PB
JoZSOVKPmbCqim3H0Nv3JCDZBKFRleCeA1vNMqlg6uhVdTpONT4N2ALC//ka5Ec+
JT1l2oDzW7pX7NbCmlmC/buZ1OvwtgbTO3gv68+FhN5SHQ0W7tbptfMenJj92Pla
a7/jmY8SvOM=
=jpgz
-----END PGP SIGNATURE-----