CVE-2023-22518: Critical Improper Authorization vulnerability in Confluence Data Center and Server
Update 11/3: A Tenable blog post with additional details has been released. This post has been updated to reflect it.
On October 30, Atlassian released a security advisory for a critical improper authorization vulnerability affecting Confluence Data Center and Server. Atlassian rates this vulnerability as critical with a CVSSv3 score of 9.1 and notes that it affects all versions of Confluence Data Center and Server. At this time the vulnerability is not known to have been exploited, and only on-premises installations are affected; Atlassian Cloud sites are not.
What makes this vulnerability interesting is that a statement from Bala Sathiamurthy, Atlassian's Chief Information Security Officer (CISO), appears on the security advisory, warning customers to "take immediate action." Sathiamurthy's statement stresses that there have been "no reports of active exploitation at this time"; however, the vulnerability could result in "significant data loss if exploited by an unauthenticated attacker."
At the time this community post was published on October 31, it's unclear whether there are other circumstances causing Atlassian and its CISO to stress the urgency of patching this vulnerability. Earlier this month, though, CVE-2023-22515, a critical severity zero-day privilege escalation vulnerability in Confluence Data Center and Server, was patched. It's possible that Atlassian anticipates that CVE-2023-22518 could be quickly exploited as well and wants to ensure that customers patch as quickly as they can. We will continue to watch for developments on this vulnerability.
The Tenable Research team has provided coverage for CVE-2023-22518. You can review the plugins tab on the dedicated CVE page for CVE-2023-22518 to get a list of plugins covering this vulnerability. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline. Additionally, for more information on this vulnerability, please refer to our blog.