CVE-2023-22515
CVE-2023-22515 is an unauthenticated, critical-severity vulnerability that allows remote attackers to create unauthorized Confluence Administrator accounts and access Confluence instances.
CVSS Score: 9.8
Affected Versions
- Confluence Data Center and Confluence Server
- 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.3, 8.1.4, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.5.0, 8.5.1
Patched Versions
- Confluence Data Center and Confluence Server
- 8.3.3 or later, 8.4.3 or later, 8.5.2 (Long Term Support release) or later
Search engine queries to find internet-exposed instances:

| # | Search Query | Search Engine |
|---|---|---|
| 1 | http.favicon.hash:-305179312 | Shodan |
| 2 | http.component:"Atlassian Confluence" | Shodan |
| 3 | app="ATLASSIAN-Confluence" | Fofa |
A Shodan search for "Atlassian Confluence" reveals around 120247 instances exposed to the internet.
How To Find Server Version Information:
- Take an IP address from the above Shodan query.
- Append the following string to the IP address: /server-info.action
Example: http://10[.]10.20.30:8111/server-info.action
- It will redirect you to the "/login.action?" page.
- Check the page source; you will be able to find the version information by searching for the following string:
- "ajs-version-number"
- Compare the version with the affected version list above.
-- Team ZeroDayNinjas --