Conf. Data Center Workarounds for Vulnerability CVE-2023-22518

Are Data Center instances with two-factor authentication (GlobalProtect VPN, not publicly exposed) also at critical risk for this?

2 answers

3 votes
Kian Stack Mumo Systems
Community Leader
Oct 31, 2023

@Jay Moczulski, you are at less risk due to the fact that your instance is not publicly accessible, but it still should be addressed as soon as possible.

So are there any workarounds to patch CVE-2023-22518?


I'm running 7.19.1 and no longer have maintenance support. Can I still upgrade to the latest version 7.19.16 for this security fix?

The following are the temporary workarounds to mitigate CVE-2023-22518.
  1. Back up your instance
    (Instructions: https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html)
  2. Remove your instance from the internet until you can patch, if possible. Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch.
  3. If you cannot restrict external network access or patch, apply the following interim measures to mitigate known attack vectors by blocking access on the following endpoints on Confluence instances:

     a. /json/setup-restore.action
     b. /json/setup-restore-local.action
     c. /json/setup-restore-progress.action

This is possible at the network layer or by making the following changes to Confluence configuration files.

1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml and add the following block of code (just before the </web-app> tag at the end of the file):
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/json/setup-restore.action</url-pattern>
            <url-pattern>/json/setup-restore-local.action</url-pattern>
            <url-pattern>/json/setup-restore-progress.action</url-pattern>
            <http-method-omission>*</http-method-omission>
        </web-resource-collection>
        <auth-constraint />
    </security-constraint>
2. Restart Confluence.
Note: These mitigation actions are limited and not a replacement for patching your instance; you must upgrade to one of the following fixed versions as soon as possible.
Confluence Fixed Versions
7.19.16
8.3.4
8.4.4
8.5.3
8.6.1
Regards,
Bhushan
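
A way to confirm that each node's web.xml really carries the block from the answer above, as an added example (not part of the original answer and not Atlassian's code): it parses the file and reports which of the three endpoints are not covered by a deny-all constraint. The function name and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The three endpoints the workaround says to block.
REQUIRED = {
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
}

def _children(elem, name):
    # Compare local names only: a real web.xml declares a default XML namespace.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def missing_endpoints(web_xml_text):
    """Return the required endpoints not covered by a deny-all security-constraint."""
    root = ET.fromstring(web_xml_text)
    covered = set()
    for sc in _children(root, "security-constraint"):
        auth = _children(sc, "auth-constraint")
        # Deny-all = auth-constraint present with no role-name inside it.
        if not auth or any(_children(a, "role-name") for a in auth):
            continue
        for coll in _children(sc, "web-resource-collection"):
            # Listing http-method limits the block to those methods; omitting a
            # real method (anything but the '*' used above) leaves it reachable.
            omitted = [(o.text or "").strip() for o in _children(coll, "http-method-omission")]
            if _children(coll, "http-method") or any(m != "*" for m in omitted):
                continue
            covered.update((p.text or "").strip() for p in _children(coll, "url-pattern"))
    return REQUIRED - covered

# Constructed sample input (not a real Confluence web.xml).
_NS = 'xmlns="http://xmlns.jcp.org/xml/ns/javaee"'
_PATTERNS = "".join(f"<url-pattern>{u}</url-pattern>" for u in sorted(REQUIRED))
PATCHED = (f"<web-app {_NS}><security-constraint><web-resource-collection>{_PATTERNS}"
           "<http-method-omission>*</http-method-omission></web-resource-collection>"
           "<auth-constraint /></security-constraint></web-app>")
UNPATCHED = f"<web-app {_NS}><display-name>Confluence</display-name></web-app>"
# Same patterns but without <auth-constraint />: nothing is actually denied.
NO_DENY = PATCHED.replace("<auth-constraint />", "")

if __name__ == "__main__":
    for label, doc in [("patched", PATCHED), ("unpatched", UNPATCHED), ("no-deny", NO_DENY)]:
        print(label, sorted(missing_endpoints(doc)) or "all three endpoints blocked")
```

On a real node, pass the contents of /<confluence-install-dir>/confluence/WEB-INF/web.xml to `missing_endpoints`; an empty result only confirms the file edit, and the constraint takes effect after the restart in step 2.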
