This is an advisory only and is not a notification of activity being seen on your network. This advisory is for organizations that use Atlassian Confluence Data Center and Server to support organizational collaboration activities. If your organization does not use this platform, this notification may be discarded.
Atlassian has released a patch to address a vulnerability noted in publicly accessible Confluence Data Center and Server instances which could allow a remote attacker to create an unauthorized Confluence administrator account. Security researchers have noted that they have seen this being exploited in the wild. Atlassian Cloud deployments are not affected by this vulnerability.
Atlassian recommends that clients patch their instances of Data Center and Server and then review them for any indicators of compromise, including:
Unexpected members of the confluence-administrators group
Unexpected newly created user accounts
Requests to /setup/*.action in network access logs
Presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory
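As an added example (not part of the advisory or Atlassian's own tooling), the following script applies the two log-based indicators above to constructed sample excerpts: requests to /setup/*.action in a Tomcat-style access log, and exception messages mentioning /setup/setupadministrator.action in atlassian-confluence-security.log. The log layouts, IPs and timestamps are assumptions made up for the example; feed the real files' contents to review() in practice.

```python
import re
from typing import Dict, List

# Constructed sample excerpts (layout approximates a Tomcat access log and a
# Log4j-style application log; none of this is real Confluence output).
ACCESS_LOG = """\
203.0.113.10 - - [04/Oct/2023:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.10 - - [04/Oct/2023:10:15:09 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0
198.51.100.7 - - [04/Oct/2023:10:16:30 +0000] "GET /pages/viewpage.action?pageId=42 HTTP/1.1" 200 9001
203.0.113.10 - - [04/Oct/2023:10:17:44 +0000] "GET /setup/finishsetup.action HTTP/1.1" 200 1200
"""
SECURITY_LOG = """\
2023-10-04 10:15:09,114 ERROR [http-nio-8090-exec-5] [confluence.security.SecurityLogger] doFilter Exception processing /setup/setupadministrator.action
2023-10-04 10:20:00,001 INFO  [http-nio-8090-exec-2] [confluence.security.SecurityLogger] login succeeded for user admin
"""

# Combined-log-format prefix: client IP, ident, user, [timestamp], "METHOD path ..."
ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def find_setup_requests(access_log: str) -> List[Dict[str, str]]:
    """Return requests whose path (query string stripped) matches /setup/*.action."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected access-log layout
        path = m.group("path").split("?", 1)[0]
        if path.startswith("/setup/") and path.endswith(".action"):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "method": m.group("method"), "path": path})
    return hits


def find_setupadministrator_exceptions(security_log: str) -> List[str]:
    """Return security-log lines with /setup/setupadministrator.action in an exception message."""
    return [line for line in security_log.splitlines()
            if "/setup/setupadministrator.action" in line and "Exception" in line]


def review(access_log: str, security_log: str) -> Dict[str, object]:
    """Combine both indicators into one triage summary for an instance."""
    reqs = find_setup_requests(access_log)
    exc = find_setupadministrator_exceptions(security_log)
    return {"setup_requests": reqs, "security_log_hits": exc,
            "source_ips": sorted({r["ip"] for r in reqs}),
            "suspicious": bool(reqs or exc)}


if __name__ == "__main__":
    import json
    print(json.dumps(review(ACCESS_LOG, SECURITY_LOG), indent=2))
```

A "suspicious" result is a trigger for the account and group review above and for the support request, not proof of compromise on its own.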
Atlassian requests that any clients who believe they were compromised raise a support request, as Atlassian assistance is required to recover and protect your instance: https://support.atlassian.com/contact
CVE-2023-22515 – Broken Access Control Vulnerability in Confluence Data Center and Server
Versions prior to 8.0.0 are not affected by this vulnerability.
Atlassian Cloud deployments are not affected by this vulnerability.
Customers with Confluence Data Center and Server instances accessible from the public internet, including those that require user authentication, should restrict external network access until they can upgrade.
If you cannot restrict external network access before your upgrade, apply the following interim measures to mitigate known attack vectors by blocking access to the /setup/* endpoints on Confluence instances. This can be done at the network layer or by making the following changes to Confluence configuration files: