CVE-2023-22518

CRITICAL KEV RANSOMWARE NUCLEI LAB

Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)

Title source: metasploit

Description

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to a Confluence instance administrator, leading to (but not limited to) full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Exploits (9)

nomisec WORKING POC 59 stars
by ForceFledgling · poc
https://github.com/ForceFledgling/CVE-2023-22518
nomisec WORKING POC 43 stars
by RevoltSecurities · remote
https://github.com/RevoltSecurities/CVE-2023-22518
nomisec WORKING POC 8 stars
by davidfortytwo · poc
https://github.com/davidfortytwo/CVE-2023-22518
nomisec WORKING POC 5 stars
by 0x0d3ad · remote
https://github.com/0x0d3ad/CVE-2023-22518
nomisec WRITEUP 1 star
by ductink98lhp · remote
https://github.com/ductink98lhp/analyze-Exploit-CVE-2023-22518-Confluence
nomisec WRITEUP 1 star
by Lilly-dox · poc
https://github.com/Lilly-dox/Exploit-CVE-2023-22518
nomisec WORKING POC 1 star
by bibo318 · remote
https://github.com/bibo318/CVE-2023-22518
nomisec WORKING POC
by C1ph3rX13 · remote
https://github.com/C1ph3rX13/CVE-2023-22518
metasploit WORKING POC EXCELLENT
by Atlassian, jheysel-r7 · ruby, poc, java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_unauth_backup.rb

Nuclei Templates (1)

Atlassian Confluence Server - Improper Authorization
CRITICAL VERIFIED by iamnoooob, rootxharsh, pdresearch
Shodan: http.component:"Atlassian Confluence" || http.component:"atlassian confluence"
FOFA: app="atlassian-confluence"

Scores

CVSS v3 9.8
EPSS 0.9437
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-11-07
VulnCheck KEV 2023-11-02
InTheWild.io 2023-11-07
ENISA EUVD EUVD-2023-26658
Ransomware Use Confirmed
CWE
CWE-863
Status published
Products (4)
atlassian/confluence_data_center 8.6.0
atlassian/confluence_data_center 1.0 - 7.19.16
atlassian/confluence_server 8.6.0
atlassian/confluence_server 1.0 - 7.19.16
Published Oct 31, 2023
KEV Added Nov 07, 2023
Tracked Since Feb 18, 2026