On October 31, a vulnerability was discovered in Atlassian Confluence Server and Data Center, identified as CVE-2023-22518. The initial CVSS score assigned to the vulnerability was 9.1. However, following the detection of active exploits and ransomware incidents, the rating was elevated to 10.
For detailed information about the vulnerability, refer to the official Atlassian security advisory.
The patched versions for Confluence Data Center and Server are as follows:
- 7.19.16
- 8.3.4
- 8.4.4
- 8.5.3
- 8.6.1
Mitigation Measures
As a precautionary measure, it is recommended to block access to the following endpoints on Confluence instances:
- /json/setup-restore.action
- /json/setup-restore-local.action
- /json/setup-restore-progress.action
This can be achieved either at the network level or by changing the Confluence configuration files. On each node, edit <confluence-install-dir>/confluence/WEB-INF/web.xml and add the following code block directly before the </web-app> tag at the end of the file:
<security-constraint>
    <web-resource-collection>
        <url-pattern>/json/setup-restore.action</url-pattern>
        <url-pattern>/json/setup-restore-local.action</url-pattern>
        <url-pattern>/json/setup-restore-progress.action</url-pattern>
        <http-method-omission>*</http-method-omission>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
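As an added verification step (example code written for this post, not part of the Atlassian advisory), the script below parses a Confluence web.xml and reports which of the three endpoints are not covered by a security-constraint with an empty auth-constraint; the embedded sample web.xml is constructed for the demonstration, and the file path is taken from the command line.

```python
"""Check that a Confluence web.xml denies all access to the
CVE-2023-22518 setup-restore endpoints listed in the advisory."""
import xml.etree.ElementTree as ET

BLOCKED_ENDPOINTS = (
    "/json/setup-restore.action",
    "/json/setup-restore-local.action",
    "/json/setup-restore-progress.action",
)

def _local(tag):
    # Strip an XML namespace ("{uri}name" -> "name") so the check works for
    # web.xml files that declare the Java EE namespace and those that do not.
    return tag.rsplit("}", 1)[-1]

def denied_patterns(web_xml_text):
    """Return the url-patterns that web.xml denies to every caller.

    A pattern counts only when its <security-constraint> has an empty
    <auth-constraint/> (no role-name): that is the construct the advisory's
    block relies on. A constraint that grants a role, or has no
    auth-constraint at all, still allows access and is ignored here.
    """
    root = ET.fromstring(web_xml_text)
    denied = set()
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        auth = [c for c in sc if _local(c.tag) == "auth-constraint"]
        if not auth or any(_local(r.tag) == "role-name" for r in auth[0]):
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            for up in wrc:
                if _local(up.tag) == "url-pattern" and up.text:
                    denied.add(up.text.strip())
    return denied

def unprotected_endpoints(web_xml_text):
    """Advisory endpoints that this web.xml does not deny (empty = fully mitigated)."""
    return [e for e in BLOCKED_ENDPOINTS if e not in denied_patterns(web_xml_text)]

# Constructed sample: a minimal web.xml with the advisory's block applied.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint><web-resource-collection>
    <url-pattern>/json/setup-restore.action</url-pattern>
    <url-pattern>/json/setup-restore-local.action</url-pattern>
    <url-pattern>/json/setup-restore-progress.action</url-pattern>
    <http-method-omission>*</http-method-omission>
  </web-resource-collection><auth-constraint /></security-constraint>
</web-app>"""

if __name__ == "__main__":
    import sys  # usage: python check_webxml.py <path-to-web.xml>
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WEB_XML
    print("unprotected:", unprotected_endpoints(text) or "none")
```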
Implementing these measures will enhance the security posture of your Atlassian Confluence deployment and help mitigate the risks associated with CVE-2023-22518.
At Newserverlife, we understand the importance of maintaining a secure and resilient server infrastructure. Stay informed, stay secure, and leverage the latest updates from Atlassian to fortify your Confluence deployment against emerging threats.