bitvoodoo Advisories
Space shortcuts
Space Tools
bitvoodoo Advisories BVADVIS

Versions Compared

Old Version 5

changes.mady.by.user Miro Meier

Saved on

compared with

New Version 6

changes.mady.by.user Miro Meier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Warning

This is a public space:

For the draft, please restrict the page during creation and
remove this warning when page is published



English

Contents

Table of Contents


Page properties


Date

 

Product

Confluence Data Center and Server

(info) Atlassian Cloud Instances are not affected

VulnerabilityCritical
CVECVE-2023-22515
Official link(warning) tbd




English

Privilege Escalation Vulnerability in Confluence Data Center and Server - CVE-2023-22515

Dear customer,

On the 4th of October 2023 6AM PDT, Atlassian issued a Security Advisory for Confluence Server & Confluence Data Center. The Cloud versions of the applications as well as other Atlassian products are not affected.

What you need to know

External attackers are exploiting a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Warning

Instances on the public internet are particularly at risk, as this vulnerability is exploitable anonymously.

Affected Versions

Info

Confluence Data Center and Confluence Server:

  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.0.4
  • 8.1.0
  • 8.1.1
  • 8.1.3
  • 8.1.4
  • 8.2.0
  • 8.2.1
  • 8.2.2
  • 8.2.3
  • 8.3.0
  • 8.3.1
  • 8.3.2
  • 8.4.0
  • 8.4.1
  • 8.4.2
  • 8.5.0
  • 8.5.1

What should I do?

Localtab Group


Localtab
activetrue
titleConfluence Server & Data Center
tabIconbvicon-server

You use Confluence Server or Confluence Data Center 

Update

To address this issue, Atlassian released:

  • Confluence Server and Data Center versions:

    • 8.3.3 or later
    • 8.4.3 or later
    • 8.5.2 (Long Term Support release) or later

You can download the latest versions from the download pages for Confluence Server or Confluence Data Center.

Mitigation

Installing a fixed version of Confluence is the safest way to remediate CVE-2023-22515. If you are unable to immediately upgrade Confluence, then as a temporary workaround we recommend restricting external network access to the affected instance.

Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

  1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml  and add the following block of code (just before the </web-app> tag at the end of the file):

    Code Block
    <security-constraint>
      <web-resource-collection>
        <url-pattern>/setup/*</url-pattern>
			<http-method-omission>*</http-method-omission>
		</web-resource-collection>
      <auth-constraint />
	</security-constraint>


  2. Restart Confluence.

This action will block access to setup pages that are not required for typical Confluence usage, for further details see Atlassians FAQ page.

Threat detection

As well as upgrading to a fixed version, we recommend you check all affected Confluence instances for the following indicators of compromise:

  • unexpected members of the confluence-administrator group

  • unexpected newly created user accounts

  • requests to /setup/*.action in network access logs

  • presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Further details on how to do the above are available on Atlassians FAQ page.


Localtab
titleConfluence Cloud
tabIconbvicon-cloud

You use Confluence Cloud

Tip

You are not affected by this Security Advisory. No need for action.



Localtab
titlebitvoodoo Cloud
tabIconbvicon-cloud

You use Confluence Server or Confluence Data Center on servers operated by bitvoodoo

Mitigation

Tip

The mitigation has been implemented to secure instances hosted on the bitvoodoo cloud. We have disabled the app on the instances where an update, due to the installed version of Jira, was not possible.

Update

LTS Update Package Customers will get contacted to discuss the need of an update.


Support

If you still have questions or concerns regarding this advisory, please contact the bitvoodoo support via support.bitvoodoo.ch.


French

Privilege Escalation Vulnerability in Confluence Data Center and Server - CVE-2023-22515

Dear customer,

On the 4th of October 2023 6AM PDT, Atlassian issued a Security Advisory for Confluence Server & Confluence Data Center. The Cloud versions of the applications as well as other Atlassian products are not affected.

What you need to know

External attackers are exploiting a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Warning

Instances on the public internet are particularly at risk, as this vulnerability is exploitable anonymously.

Affected Versions

Info

Confluence Data Center and Confluence Server:

  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.0.4
  • 8.1.0
  • 8.1.1
  • 8.1.3
  • 8.1.4
  • 8.2.0
  • 8.2.1
  • 8.2.2
  • 8.2.3
  • 8.3.0
  • 8.3.1
  • 8.3.2
  • 8.4.0
  • 8.4.1
  • 8.4.2
  • 8.5.0
  • 8.5.1

What should I do?

Localtab Group


Localtab
activetrue
titleConfluence Server & Data Center
tabIconbvicon-server

You use Confluence Server or Confluence Data Center 

Update

To address this issue, Atlassian released:

  • Confluence Server and Data Center versions:

    • 8.3.3 or later
    • 8.4.3 or later
    • 8.5.2 (Long Term Support release) or later

You can download the latest versions from the download pages for Confluence Server or Confluence Data Center.

Mitigation

Installing a fixed version of Confluence is the safest way to remediate CVE-2023-22515. If you are unable to immediately upgrade Confluence, then as a temporary workaround we recommend restricting external network access to the affected instance.

Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

  1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml  and add the following block of code (just before the </web-app> tag at the end of the file):

    Code Block
    <security-constraint>
      <web-resource-collection>
        <url-pattern>/setup/*</url-pattern>
			<http-method-omission>*</http-method-omission>
		</web-resource-collection>
      <auth-constraint />
	</security-constraint>


  2. Restart Confluence.

This action will block access to setup pages that are not required for typical Confluence usage, for further details see Atlassians FAQ page.

Threat detection

As well as upgrading to a fixed version, we recommend you check all affected Confluence instances for the following indicators of compromise:

  • unexpected members of the confluence-administrator group

  • unexpected newly created user accounts

  • requests to /setup/*.action in network access logs

  • presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Further details on how to do the above are available on Atlassians FAQ page.


Localtab
titleConfluence Cloud
tabIconbvicon-cloud

You use Confluence Cloud

Tip

You are not affected by this Security Advisory. No need for action.



Localtab
titlebitvoodoo Cloud
tabIconbvicon-cloud

You use Confluence Server or Confluence Data Center on servers operated by bitvoodoo

Mitigation

Tip

The mitigation has been implemented to secure instances hosted on the bitvoodoo cloud. We have disabled the app on the instances where an update, due to the installed version of Jira, was not possible.

Update

LTS Update Package Customers will get contacted to discuss the need of an update.


Support

If you still have questions or concerns regarding this advisory, please contact the bitvoodoo support via support.bitvoodoo.ch.


German

Privilege Escalation Vulnerability in Confluence Data Center and Server - CVE-2023-22515

Dear customer,

On the 4th of October 2023 6AM PDT, Atlassian issued a Security Advisory for Confluence Server & Confluence Data Center. The Cloud versions of the applications as well as other Atlassian products are not affected.

What you need to know

External attackers are exploiting a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Warning

Instances on the public internet are particularly at risk, as this vulnerability is exploitable anonymously.

Affected Versions

Info

Confluence Data Center and Confluence Server:

  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.0.4
  • 8.1.0
  • 8.1.1
  • 8.1.3
  • 8.1.4
  • 8.2.0
  • 8.2.1
  • 8.2.2
  • 8.2.3
  • 8.3.0
  • 8.3.1
  • 8.3.2
  • 8.4.0
  • 8.4.1
  • 8.4.2
  • 8.5.0
  • 8.5.1

What should I do?

Localtab Group


Localtab
activetrue
titleConfluence Server & Data Center
tabIconbvicon-server

You use Confluence Server or Confluence Data Center 

Update

To address this issue, Atlassian released:

  • Confluence Server and Data Center versions:

    • 8.3.3 or later
    • 8.4.3 or later
    • 8.5.2 (Long Term Support release) or later

You can download the latest versions from the download pages for Confluence Server or Confluence Data Center.

Mitigation

Installing a fixed version of Confluence is the safest way to remediate CVE-2023-22515. If you are unable to immediately upgrade Confluence, then as a temporary workaround we recommend restricting external network access to the affected instance.

Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

  1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml  and add the following block of code (just before the </web-app> tag at the end of the file):

    Code Block
    <security-constraint>
      <web-resource-collection>
        <url-pattern>/setup/*</url-pattern>
			<http-method-omission>*</http-method-omission>
		</web-resource-collection>
      <auth-constraint />
	</security-constraint>


  2. Restart Confluence.

This action will block access to setup pages that are not required for typical Confluence usage, for further details see Atlassians FAQ page.

Threat detection

As well as upgrading to a fixed version, we recommend you check all affected Confluence instances for the following indicators of compromise:

  • unexpected members of the confluence-administrator group

  • unexpected newly created user accounts

  • requests to /setup/*.action in network access logs

  • presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Further details on how to do the above are available on Atlassians FAQ page.


Localtab
titleConfluence Cloud
tabIconbvicon-cloud

You use Confluence Cloud

Tip

You are not affected by this Security Advisory. No need for action.



Localtab
titlebitvoodoo Cloud
tabIconbvicon-cloud

You use Confluence Server or Confluence Data Center on servers operated by bitvoodoo

Mitigation

Tip

The mitigation has been implemented to secure instances hosted on the bitvoodoo cloud. We have disabled the app on the instances where an update, due to the installed version of Jira, was not possible.

Update

LTS Update Package Customers will get contacted to discuss the need of an update.


Support

If you still have questions or concerns regarding this advisory, please contact the bitvoodoo support via support.bitvoodoo.ch.


bitvoodoo Advisories BVADVIS