Conf. Data Center Workarounds for Vulnerability CVE-2023-22518

Jay Moczulski
Contributor
October 31, 2023

Are Data Center instances with two-factor authentication (GlobalProtect VPN) that are not publicly exposed also at critical risk for this?

Answer accepted
Kian Stack, Mumo Systems
Community Leader
October 31, 2023

@Jay Moczulski, you are at less risk due to the fact that your instance is not publicly accessible, but it still should be addressed as soon as possible.

Answer accepted
Leo Leung November 1, 2023

So are there any workarounds to patch CVE-2023-22518?
I'm running 7.19.1 and no longer have maintenance support. Can I still upgrade to the latest version 7.19.16 for this security fix?

BHUSHAN PATIL
Rising Star
November 24, 2023
Following are the temporary workarounds to mitigate CVE-2023-22518.
  1. Back up your instance
    (Instructions: https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html)
  2. Remove your instance from the internet until you can patch, if possible. Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch.
  3. If you cannot restrict external network access or patch, apply the following interim measures to mitigate known attack vectors by blocking access on the following endpoints on Confluence instances:
    a. /json/setup-restore.action
    b. /json/setup-restore-local.action
    c. /json/setup-restore-progress.action

This is possible at the network layer or by making the following changes to Confluence configuration files.

  1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml and add the following block of code (just before the </web-app> tag at the end of the file):

    <security-constraint>
      <web-resource-collection>
        <url-pattern>/json/setup-restore.action</url-pattern>
        <url-pattern>/json/setup-restore-local.action</url-pattern>
        <url-pattern>/json/setup-restore-progress.action</url-pattern>
        <http-method-omission>*</http-method-omission>
      </web-resource-collection>
      <auth-constraint />
    </security-constraint>

  2. Restart Confluence.
Note: These mitigation actions are limited and not a replacement for patching your instance; you must upgrade to the following fixed versions as soon as possible.
Confluence Fixed Versions:
7.19.16
8.3.4
8.4.4
8.5.3
8.6.1
Regards,
Bhushan
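A small check that the web.xml workaround above really covers all three endpoints, added here as an example (it is not part of the Atlassian advisory or the answer). It only inspects the file contents, assumes a standard Servlet web.xml layout (namespaced or not), and treats a security-constraint as a block only when its auth-constraint is empty, since a role-name inside it would still admit that role.

```python
import xml.etree.ElementTree as ET

# The three endpoints the workaround tells you to block (from the advisory).
BLOCKED_ENDPOINTS = (
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
)


def _local(tag):
    """Strip the XML namespace prefix that web.xml normally declares."""
    return tag.rsplit("}", 1)[-1]


def protected_patterns(web_xml_text):
    """Return url-patterns locked down by a security-constraint that denies everyone."""
    root = ET.fromstring(web_xml_text)
    covered = set()
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        auth = [c for c in sc if _local(c.tag) == "auth-constraint"]
        # No auth-constraint, or one listing a role-name, does not block all access.
        if not auth or any(_local(g.tag) == "role-name" for g in auth[0]):
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            for up in wrc:
                if _local(up.tag) == "url-pattern" and up.text:
                    covered.add(up.text.strip())
    return covered


def unmitigated_endpoints(web_xml_text):
    """List the CVE-2023-22518 endpoints that this web.xml does NOT block."""
    covered = protected_patterns(web_xml_text)
    return [ep for ep in BLOCKED_ENDPOINTS if ep not in covered]


# Constructed sample web.xml: the advisory block applied, but with one
# url-pattern accidentally left out, so the gap is reported.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/json/setup-restore.action</url-pattern>
      <url-pattern>/json/setup-restore-progress.action</url-pattern>
      <http-method-omission>*</http-method-omission>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    print("Still unblocked:", unmitigated_endpoints(SAMPLE_WEB_XML))
```

Run it against the real file with `unmitigated_endpoints(open(path).read())`; an empty list means all three patterns are constrained, and a non-empty one names what is still reachable.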
