Xe :verified: on Nostr: "UPDATE: We have evidence to suggest that a known nation-state actor is actively ...
Published at 2023-10-14 09:24:16

Event JSON
{
"id": "efee091e8efc280849a5fa23a046882140515cc4f565626e07f88aabe7a6c62d",
"pubkey": "828dba73b5d55739afe15718578e21bbb89f964823277b3bbc69e44c24cd123c",
"created_at": 1697275456,
"kind": 1,
"tags": [
[
"t",
"confluence"
],
[
"proxy",
"https://pony.social/users/cadey/statuses/111232644329920231",
"activitypub"
]
],
"content": "\"UPDATE: We have evidence to suggest that a known nation-state actor is actively exploiting CVE-2023-22515 and continue to work closely with our partners and customers to investigate.\" https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html\n\nexploit: post request with setup=false, post request for creating a new admin user https://github.com/Chocapikk/CVE-2023-22515/blob/main/exploit.py#L78-L92\n\nIf you run self-hosted #confluence and it is visible to the public internet, page on-call. This is super bad.",
"sig": "3896642c8ecd0977eb7bb026a468ef1b871f084c2ade7a29b58dfccc448a94bf3dd95dbac3488932c526794014d16f24ae26295e6813bf98019c78a68609525d"
}