CVE-2023-22515

Atlassian 8.x/8.5.1 - Remote Code Execution

Privilege Escalation - Broken Access Control

Atlassian - Remote code Execution?

Vulnerability: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authored attacker with elevated database-level privileges to execute arbitrary code.

Affected Versions	Fixed Versions
Versions prior to 8.0.0	Not affected
8.0.0 - 8.0.3	Upgrade to a fixed version below
8.1.0, 8.1.3, 8.1.4	Upgrade to a fixed version below
8.2.0 - 8.2.3	Upgrade to a fixed version below
8.3.0 - 8.3.2	8.3.3 or later
8.4.0 - 8.4.2	8.4.3 or later
8.5.0, 8.5.1	8.5.2 (Long Term Support release) or later

Score: CVSS v2.0: N/A // CVSS v3.x: 7.2

POC:

As of October 4, no public proof-of-concept code was found for CVE-2023-22515

Scaner:

GitHub - ErikWynter/CVE-2023-22515-Scan: Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian ConfluenceGitHub

Protection:

Upgrade to a fixed version and restrict access to unfixed versions

Potential compromise:

• Unexpected members of the confluence-administrators group

• Unexpected newly created user accounts

• Requests to /setup/*.action in network access logs

• Presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Resources:

Atlassian Confluence Zero-Day Vulnerability: What Is CVE-2023-25515? | UpGuard

CVE-2023-22515: Zero-Day Vulnerability in Atlassian Confluence Data Center and Server Exploited in the WildTenable®

NVD - CVE-2023-2454

CVE - CVE-2023-2454