
Exploit Flare Up Against Older Atlassian Confluence Vulnerability

Posted: Mon Jan 29, 2024 5:06 pm
by rbc
Last October, Atlassian released a patch for CVE-2023-22515 [1]. This vulnerability allowed attackers to create new admin users in Confluence. Today, I noticed a bit of a "flare up" in a specific exploit variant.

Rapid7 published a good summary of the vulnerability [2]. As is so often the case, the vulnerability is pretty straightforward once you see it. During the initial setup, Confluence asks the user to configure an administrator account. After setup is complete, the user needs to log in with this initial administrator account to configure additional users. Using the vulnerability, an attacker can flip the "setup complete" state back to incomplete. No authentication is required to do so. An attacker can first re-enable the initial setup flow, use it to add a new administrator account, and complete the attack by marking setup as complete again so the application appears normal to other users.
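The chain described above leaves a recognizable trace in the web server access log: a request that tampers with the "setup complete" flag, followed by requests to the setup wizard from the same source. The following is an added example of a log scan for that pattern; it is not code from the original post or from Atlassian. It assumes the setup wizard lives under the /setup/ path prefix and that the tampered property is named setupComplete, as in the Rapid7 analysis [2]; the log lines are constructed for illustration and are not real traffic.

```python
"""Scan Confluence access logs for the setup-state tampering chain (added example)."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format). Not real traffic:
# one source reopens setup, creates an admin, closes setup; a legitimate user
# later stumbles onto a setup URL once.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Jan/2024:10:01:02 +0000] "GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 302 0 "-" "curl/8.4.0"
203.0.113.7 - - [29/Jan/2024:10:01:03 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0 "-" "curl/8.4.0"
203.0.113.7 - - [29/Jan/2024:10:01:04 +0000] "POST /setup/finishsetup.action HTTP/1.1" 302 0 "-" "curl/8.4.0"
198.51.100.20 - alice [29/Jan/2024:10:05:10 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - alice [29/Jan/2024:10:05:11 +0000] "GET /setup/setupadministrator.action HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumptions: the setup wizard is served under /setup/, and the flag an attacker
# flips is the setupComplete property named in the Rapid7 write-up. Adjust to
# your deployment if the application is mounted under a context path.
SETUP_PATH_PREFIX = "/setup/"
SETUP_FLAG_SUFFIX = "setupComplete"


def classify_request(line):
    """Return (ip, kind, method, target) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)
    # Any query parameter whose name ends in setupComplete, whatever object path
    # prefixes it, is an attempt to reopen the setup wizard.
    if any(k.endswith(SETUP_FLAG_SUFFIX) for k in params):
        return (m["ip"], "setup_flag_tamper", m["method"], m["target"])
    # Once setup is complete, nobody should be reaching /setup/ at all.
    if url.path.startswith(SETUP_PATH_PREFIX):
        return (m["ip"], "setup_endpoint", m["method"], m["target"])
    return None


def scan_log(lines):
    """Return (events, high_confidence_ips).

    events: every suspicious request, in log order.
    high_confidence_ips: sources that tampered with setupComplete and then hit a
    /setup/ endpoint, i.e. the full chain rather than a stray setup request.
    """
    events = []
    seen_tamper = set()
    high = set()
    for line in lines:
        hit = classify_request(line)
        if hit is None:
            continue
        events.append(hit)
        ip, kind = hit[0], hit[1]
        if kind == "setup_flag_tamper":
            seen_tamper.add(ip)
        elif ip in seen_tamper:
            high.add(ip)
    return events, high


if __name__ == "__main__":
    found, chain_ips = scan_log(SAMPLE_LOG.splitlines())
    for ip, kind, method, target in found:
        print(f"{ip:15} {kind:18} {method} {target}")
    print("full chain observed from:", sorted(chain_ips))
```

A single hit on a /setup/ URL is worth a look but can be noise (a crawler, a bookmark from the original install); the flag tamper followed by a setup request from the same source is the signal to page on. A real deployment would also alert on the create-admin request's status code and on any new entry in the Confluence user directory shortly after.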
[...]