
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability - 20231108001

Overview

Atlassian has updated its security article on the Improper Authorization Vulnerability in Confluence Data Center and Server, including the CVSS score and fixed versions.

What is the vulnerability?

CVE-2023-22518 - CVSS v3 Base Score: 10.0

What is vulnerable?

This Improper Authorization vulnerability affects all versions prior to the listed fix versions of Confluence Data Center and Server. Atlassian recommends patching to the fixed LTS version or later.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):

Atlassian recommends that you patch each of your affected installations to one of the listed fixed versions (or the latest version) below.

Product                              Fixed Versions
Confluence Data Center and Server    7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1
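
The following is an added example, not part of the original advisory or Atlassian's tooling: a Python sketch that triages an inventory of installed Confluence versions against the fixed versions listed above. It assumes each listed fix applies to its own release line (for example 8.5.x is fixed from 8.5.3), that release lines newer than 8.6 already contain the fix, and it uses constructed host names and versions.

```python
# Added example: triage installed Confluence versions against this advisory's fixed versions.
FIXED = [(7, 19, 16), (8, 3, 4), (8, 4, 4), (8, 5, 3), (8, 6, 1)]  # from the table above

def parse(version):
    """'8.5.3' -> (8, 5, 3). A missing patch number is read as 0."""
    parts = version.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def fmt(v):
    return ".".join(str(n) for n in v)

def triage(version):
    """Return ('fixed', None) or ('vulnerable', <lowest listed fixed version to move to>)."""
    v = parse(version)
    by_line = {f[:2]: f for f in FIXED}
    if v[:2] in by_line:
        fix = by_line[v[:2]]
        return ("fixed", None) if v >= fix else ("vulnerable", fmt(fix))
    if v > max(FIXED):
        # Assumption: release lines newer than 8.6 already contain the fix.
        return ("fixed", None)
    # Release line with no listed fix: the target is the next listed fixed version above it.
    return ("vulnerable", fmt(min(f for f in FIXED if f > v)))

def vulnerable_hosts(inventory):
    """Map host -> upgrade target for every host still on a vulnerable version."""
    out = {}
    for host, version in inventory.items():
        status, target = triage(version)
        if status == "vulnerable":
            out[host] = target
    return out

if __name__ == "__main__":
    # Constructed inventory; host names and versions are illustrative only.
    inventory = {"wiki-prod": "8.5.2", "wiki-dr": "8.5.3",
                 "wiki-legacy": "7.13.0", "wiki-test": "8.7.0"}
    for host, target in vulnerable_hosts(inventory).items():
        print(f"{host}: running {inventory[host]}, upgrade to {target} or later")
```

Version strings with build suffixes raise a ValueError so they are reviewed by hand rather than silently classified.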

Additional References