On October 4, 2023, Atlassian released an advisory for CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center. Atlassian initially described this vulnerability as a Privilege Escalation, but they have since recategorized it as a Broken Access Control vulnerability. Atlassian has provided a CVSS base score of 10.0, which appears appropriate based on our analysis.
Atlassian indicated that this vulnerability was exploited in the wild as a zero-day vulnerability, prior to their knowledge or a patch being available. The observed attacker behavior included leveraging CVE-2023-22515 to create a new administrator user, but we believe that this is not the only way the vulnerability could be used.
Vulnmachines - Place for Pentesters
Vulnmachines is online cyber security training platform with a massive number of labs, allowing individuals, students, cyber professionals, companies, universities and all kinds of organizations around the world to enhance their practical skills with Real-world enterprise scenarios.
Visit : www.vulnmachin...
The SecOps Group is a globally recognized IT security company having extensive and varied experience in providing cybersecurity consultancy and education services. At The SecOps Group, we believe that security is a continuous process, which has to progress with time and in accordance with the customer needs and constantly evolving threats. Our core business comprises of two units:
1. Consultancy:
Pentesting and Advisory
The SecOps Group are cybersecurity experts offering CREST-accredited security consultancy services.
2. Education:
Pentesting Exams
Through our exams, we provide an authentic and credible certification that is modern, relevant and represents real-life business risks.
For business: secops.group/
Follow us
Twitter: / thesecopsgroup
Instagram: / thesecopsgroupuk
LinkedIn: / secops-group
#bugbounty #bugbountytips #confluence #cve #infosec #cybersecurity #ethicalhacking #learning #cyber
10 окт 2023
