Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Improper Authorization in Confluence Data Center and Server - CVE-2023-22518

Roland Zosso
Roland Zosso November 14, 2023

I have read all the reports on the internet and I could see that the massive attacks on Confluence happened because the attackers learned pretty quickly how to exploit this vulnerability. As a result, many companies have already been compromised, but no one knows whether they were patched or not. This situation gave rise to the rumor that, despite the patch, this vulnerability had not been closed. However, this was to be expected.

Many companies took precautionary measures and blocked the server on the external network.

Do you know more about this situation? And how can we best deal with it?

Comment
Watch
Like # people like this
989 views

2 comments

Comment

Log in or Sign up to comment
Peter Van de Voorde
Peter Van de Voorde
Community Champion
November 14, 2023

Hi @Roland Zosso ,

I would follow Atlassian's instructions as mentioned on this page to deal with this: https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html

Cheers,
Peter

Like # people like this
Roland Zosso
Roland Zosso November 14, 2023

hi @Peter Van de Voorde 

Thanks for your reply.
I have seen this page and our server is patched.
But there are rumors that despite this patch this vulnerability could be exploited by attackers.
Have you heard anything about this?

Like Peter Van de Voorde likes this
Peter Van de Voorde
Peter Van de Voorde
Community Champion
November 22, 2023

@Roland Zosso 

I haven't heard any rumors of this still being an issue after the patch.
Of course given the complexity of Confluence there might be other vulnerabilities that haven't been patched yet. There is no guarantee there that I or anyone on this community could give you that there isn't another vulnerability out there.

Cheers,
Peter

Like
Reply
Sanjen Bariki
Sanjen Bariki
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 14, 2023

Hi @Roland Zosso ,

 

Did you get a chance to go through the below document.

 

Regards,

Sanjen

Like
Roland Zosso
Roland Zosso November 14, 2023

Hi @Sanjen Bariki 

Thank you!
That is helpful.
I'll go through everything to see if anything happened before updating.

Best regards
Role

Like Sanjen Bariki likes this
Sanjen Bariki
Sanjen Bariki
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 14, 2023

Hi @Roland Zosso ,

 

Thanks for the confirmation.

It will better If you accept the answer, other members will get the solution.

Hit the answer button from left side to help others on this solution.

 

Regards,

Sanjen😊.

Like
Reply
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.