Broken access control in Confluence Server and Data Center (CVE-2023-22515)
Description
CVE-2023-22515 is a critical broken access control vulnerability affecting Atlassian Confluence Server and Data Center. This flaw allows unauthenticated remote attackers to bypass authorization controls and create administrative user accounts without any prior authentication. The vulnerability stems from improper access control enforcement in the user provisioning functionality, enabling complete system compromise through privilege escalation.
Remediation
Take immediate action to remediate this critical vulnerability:
1. Identify affected versions: Check if you are running Confluence Data Center or Server versions prior to the patched releases
2. Apply security updates immediately: Upgrade to the following patched versions or later:
- Version 8.3.x: Upgrade to 8.3.3 or later
- Version 8.4.x: Upgrade to 8.4.3 or later
- Version 8.5.x: Upgrade to 8.5.2 (LTS) or later
3. Audit user accounts: Review all administrator accounts for unauthorized entries created after October 4, 2023, and remove any suspicious accounts
4. Review access logs: Examine authentication and access logs for signs of exploitation, particularly unauthorized account creation attempts
5. Network segmentation: If immediate patching is not possible, restrict network access to Confluence to trusted IP addresses only as a temporary mitigation
Refer to Atlassian's official security advisory for detailed upgrade instructions and additional security guidance.
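The version check in step 1 and the account audit in step 3 are easy to get wrong by hand (a branch-aware version comparison, and a date cutoff applied only to privileged accounts), so the following Python is added here as a worked example. It is not Atlassian's code and does not call any Confluence API: the fixed-version table is taken from the remediation list above, anything outside the listed 8.3/8.4/8.5 lines is reported as "unlisted" for manual comparison against the advisory, the October 4, 2023 cutoff is applied inclusively as a conservative choice, and the user records, the `confluence-administrators` group name and the record layout are constructed assumptions standing in for a real user export.

```python
"""Added triage helpers for the CVE-2023-22515 remediation steps.

Not Atlassian's code. The fixed-version table is the one in the advisory text;
the user records are constructed sample data, not a real Confluence export.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, datetime

# Minimum fixed release per affected branch, as listed in the remediation section.
PATCHED_BY_BRANCH: dict[tuple[int, int], tuple[int, int, int]] = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),  # LTS line
}

# Audit cutoff from step 3, applied inclusively (assumption: conservative choice).
AUDIT_WINDOW_START = date(2023, 10, 4)

# Assumption: the group that grants Confluence administration in this deployment.
ADMIN_GROUPS = frozenset({"confluence-administrators"})


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '8.4.1' into (8, 4, 1). Trailing qualifiers after '-' are ignored."""
    core = text.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def assess_version(text: str) -> str:
    """Classify a Confluence version as 'vulnerable', 'patched' or 'unlisted'."""
    v = parse_version(text)
    branch = (v[0], v[1])
    if branch in PATCHED_BY_BRANCH:
        return "patched" if v >= PATCHED_BY_BRANCH[branch] else "vulnerable"
    # "8.5.2 or later" also covers lines newer than 8.5 (e.g. 8.6.x, 9.x).
    if v >= PATCHED_BY_BRANCH[(8, 5)]:
        return "patched"
    # Older lines are not enumerated on this page: compare against the advisory.
    return "unlisted"


@dataclass(frozen=True)
class UserRecord:
    """Constructed shape for one row of a user export (assumption)."""
    username: str
    groups: frozenset[str]
    created: datetime


def suspicious_admins(users: list[UserRecord],
                      window_start: date = AUDIT_WINDOW_START) -> list[UserRecord]:
    """Return admin-group accounts created on or after the cutoff, oldest first."""
    hits = [u for u in users
            if (u.groups & ADMIN_GROUPS) and u.created.date() >= window_start]
    return sorted(hits, key=lambda u: u.created)


# Constructed sample export: two long-standing accounts, two created in the window.
SAMPLE_USERS = [
    UserRecord("alice", frozenset({"confluence-administrators"}), datetime(2022, 3, 10, 9, 0)),
    UserRecord("bob", frozenset({"confluence-users"}), datetime(2023, 10, 5, 14, 30)),
    UserRecord("maintenance", frozenset({"confluence-administrators"}), datetime(2023, 10, 5, 2, 17)),
    UserRecord("carol", frozenset({"confluence-administrators", "confluence-users"}),
               datetime(2023, 10, 4, 23, 58)),
]


def audit_report(version: str, users: list[UserRecord]) -> dict[str, object]:
    """Combine steps 1 and 3 into one summary a responder can act on."""
    return {
        "version": version,
        "version_status": assess_version(version),
        "admins_to_review": [u.username for u in suspicious_admins(users)],
    }


if __name__ == "__main__":
    for ver in ("8.4.1", "8.4.3", "8.5.2", "8.6.0", "8.2.0"):
        print(f"{ver:>7}: {assess_version(ver)}")
    print(audit_report("8.4.1", SAMPLE_USERS))
```

Feed `audit_report` the installed version and a list built from your own user export; any username it returns should be checked against change tickets before being removed, and an "unlisted" version result means the page's table does not cover that line and the advisory itself has to be consulted.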