Description

Due to an improper authorization control vulnerability in Confluence, an unauthenticated attacker can create an administrator account and get full access to the system.

Remediation

Upgrade to the latest version of Confluence

References

Improper Authorization in Confluence Data Center and Server - CVE-2023-22518

Atlassian Confluence Server (CVE-2023-22518) - Improper Authorization

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2020-35539)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-20491)

Magento Improper Authorization Vulnerability (CVE-2021-21026)

Apache HTTP Server DEPRECATED: Code Vulnerability (CVE-2015-3183)

Plone CMS Improper Input Validation Vulnerability (CVE-2013-4197)

Severity

Critical

Classification

CVE-2023-22518 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Known Vulnerabilities Privilege Escalation