Improper Authorization in Confluence Server and Data Center (CVE-2023-22518)
Description
CVE-2023-22518 is an improper authorization vulnerability in Atlassian Confluence Server and Data Center that allows unauthenticated remote attackers to bypass authentication controls. By exploiting this flaw, an attacker with no prior access to the system can create unauthorized administrator accounts, leading to complete compromise of the instance. The vulnerability lies in the setup and configuration endpoints, which fail to properly validate the permissions of the requesting user.
Remediation
Immediately upgrade to a patched version of Confluence Server or Data Center. The following versions contain fixes for CVE-2023-22518:
• For 8.5.x branch: Upgrade to version 8.5.4 or later
• For 8.6.x branch: Upgrade to version 8.6.1 or later
• For 7.19.x LTS branch: Upgrade to version 7.19.16 or later
• For 8.4.x branch: Upgrade to version 8.4.5 or later
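The following script is an added example for checking an inventory of Confluence instances against the fixed versions listed above; it is not code from the advisory or from Atlassian. The branch-to-fixed-version table is taken directly from the list above, the hostnames and reported versions are constructed sample data, and the decision to treat any release branch not in that list as "unlisted, assume affected until confirmed against the vendor advisory" is the example's own policy, not a statement from the advisory.

```python
"""
Added example (not from the advisory): decide whether a Confluence Server /
Data Center version string is at or above the fixed release named for its
branch in the CVE-2023-22518 remediation list above.
"""
import re
from typing import Tuple

# Minimum fixed version per release branch, copied from the advisory list.
# Key is the (major, minor) branch; value is the first fixed release.
FIXED_VERSIONS = {
    (7, 19): (7, 19, 16),
    (8, 4): (8, 4, 5),
    (8, 5): (8, 5, 4),
    (8, 6): (8, 6, 1),
}

# Accepts "8.5.3", "8.5", and suffixed forms such as "8.5.3-beta1" or "8.5.3.1";
# only the first three numeric components take part in the comparison.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a version string into a (major, minor, patch) tuple.

    A missing patch component is treated as 0. Raises ValueError for input
    that does not look like a version, so a bad inventory entry is not
    silently reported as anything.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def assess(version_text: str) -> Tuple[str, str]:
    """Return (status, detail) for one reported version.

    status is one of:
      'fixed'    - at or above the fixed release for its branch
      'affected' - on a listed branch but below the fixed release
      'unlisted' - branch not covered by the list above; the example's
                   policy (an assumption) is to treat it as affected until
                   confirmed against the vendor advisory
    """
    v = parse_version(version_text)
    branch = (v[0], v[1])
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return ("unlisted",
                f"branch {branch[0]}.{branch[1]}.x is not in the fix list; assume affected")
    fixed_str = ".".join(map(str, fixed))
    if v >= fixed:  # tuple comparison is component-wise, so 8.5.10 > 8.5.4
        return "fixed", f"{version_text} >= {fixed_str}"
    return "affected", f"{version_text} < {fixed_str}; upgrade to {fixed_str} or later"


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> version reported by the instance
    inventory = {
        "wiki-prod.example.internal": "8.5.3",
        "wiki-stage.example.internal": "8.5.4",
        "wiki-legacy.example.internal": "7.19.12",
        "wiki-lab.example.internal": "8.2.1",
    }
    for host, ver in inventory.items():
        status, detail = assess(ver)
        print(f"{host:30} {ver:9} {status:9} {detail}")
```

Feeding the script real inventory data (for example, the version string each instance reports) replaces the constructed dictionary; anything it reports as "unlisted" should be checked against the vendor advisory rather than assumed safe.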
If immediate patching is not possible, restrict network access to Confluence instances by implementing firewall rules or network segmentation to limit exposure to trusted IP addresses only. After upgrading, review administrator accounts and audit logs for any unauthorized account creation or suspicious administrative activities that may indicate prior exploitation.