You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We are very close to migrating off a old legacy Confluence instance that is currently running 5.8.2. It's internally hosted and limited to only intranet access, so no public access.
I wanted to confirm 5.8.2 is impacted by CVE-2023-22518 and if so is this mitigation still applicable to our environment.
This is possible at the network layer or by making the following changes to Confluence configuration files.
<security-constraint> <web-resource-collection> <url-pattern>/json/setup-restore.action</url-pattern> <url-pattern>/json/setup-restore-local.action</url-pattern> <url-pattern>/json/setup-restore-progress.action</url-pattern> <http-method-omission>*</http-method-omission> </web-resource-collection> <auth-constraint /></security-constraint>
Welcome to the community.
Not connecting your instance to the internet (no public access) will make your instance not vulnerable.
See point 2 in mitigation.
The configuration file changes are only applicable to point 3 in the mitigation section.
SO in relation that your are not externally able to access Confluence, mitigation point 2will apply to your instance