
Exploit for Atlassian Confluence Server - Improper Authorization (CVE-2023-22518)

Description:

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Nuclei Template

View the template here: CVE-2023-22518.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-22518.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-22518
https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907
https://jira.atlassian.com/browse/CONFSERVER-93142
https://blog.projectdiscovery.io/atlassian-confluence-auth-bypass/
https://github.com/RootUp/PersonalStuff/blob/master/check_cve_2023_22518.py