Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Improper Authorization in Confluence Data Center and Server - CVE-2023-22518

Roland Zosso
Roland Zosso November 14, 2023

I have read all the reports on the internet and I could see that the massive attacks on Confluence happened because the attackers learned pretty quickly how to exploit this vulnerability. As a result, many companies have already been compromised, but no one knows whether they were patched or not. This situation gave rise to the rumor that, despite the patch, this vulnerability had not been closed. However, this was to be expected.

Many companies took precautionary measures and blocked the server on the external network.

Do you know more about this situation? And how can we best deal with it?

Answer
Watch
Like # people like this
763 views

2 answers

1 accepted

Suggest an answer

Log in or Sign up to answer
0 votes
Answer accepted
Sanjen Bariki
Sanjen Bariki
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 14, 2023

Hi @Roland Zosso ,

 

Did you get a chance to go through the below document.

 

Regards,

Sanjen

View More Comments
Reply
Roland Zosso
Roland Zosso November 14, 2023

Hi @Sanjen Bariki 

Thank you!
That is helpful.
I'll go through everything to see if anything happened before updating.

Best regards
Role

Like Sanjen Bariki likes this
Sanjen Bariki
Sanjen Bariki
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 14, 2023

Hi @Roland Zosso ,

 

Thanks for the confirmation.

It will better If you accept the answer, other members will get the solution.

Hit the answer button from left side to help others on this solution.

 

Regards,

Sanjen😊.

Like
2 votes
Peter Van de Voorde
Peter Van de Voorde
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 14, 2023

Hi @Roland Zosso ,

I would follow Atlassian's instructions as mentioned on this page to deal with this: https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html

Cheers,
Peter

View More Comments
Reply
Roland Zosso
Roland Zosso November 14, 2023

hi @Peter Van de Voorde 

Thanks for your reply.
I have seen this page and our server is patched.
But there are rumors that despite this patch this vulnerability could be exploited by attackers.
Have you heard anything about this?

Like Peter Van de Voorde likes this
Peter Van de Voorde
Peter Van de Voorde
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 22, 2023

@Roland Zosso 

I haven't heard any rumors of this still being an issue after the patch.
Of course given the complexity of Confluence there might be other vulnerabilities that haven't been patched yet. There is no guarantee there that I or anyone on this community could give you that there isn't another vulnerability out there.

Cheers,
Peter

Like
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events