You use Confluence Server or Confluence Data Center 

Update

To address this issue, Atlassian released:

• Confluence Server and Data Center versions:

  • 8.3.3 or later
  • 8.4.3 or later
  • 8.5.2 (Long Term Support release) or later

You can download the latest versions from the download pages for Confluence Server or Confluence Data Center.

Mitigation

Installing a fixed version of Confluence is the safest way to remediate CVE-2023-22515. If you are unable to immediately upgrade Confluence, then as a temporary workaround we recommend restricting external network access to the affected instance.

Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml  and add the following block of code (just before the </web-app> tag at the end of the file):
   

   <security-constraint>
         <web-resource-collection>
           <url-pattern>/setup/*</url-pattern>
   			<http-method-omission>*</http-method-omission>
   		</web-resource-collection>
         <auth-constraint />
   	</security-constraint>

   
   

2. Restart Confluence.

This action will block access to setup pages that are not required for typical Confluence usage, for further details see Atlassians FAQ page.

Threat detection

As well as upgrading to a fixed version, we recommend you check all affected Confluence instances for the following indicators of compromise:

• unexpected members of the confluence-administrator group

• unexpected newly created user accounts

• requests to /setup/*.action in network access logs

• presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Further details on how to do the above are available on Atlassians FAQ page.