Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2023-22527)

Atlassian Confluence Data Center and Server is vulnerable to a critical severity vulnerability, tracked as CVE-2023-22527. The vulnerability has a maximum CVSS score of 10. Successful exploitation of the vulnerability may lead to remote code execution. Petrus Viet discovered the vulnerability and reported it to Atlassian through their Bug Bounty program. It is important to … Continue reading “Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2023-22527)”

Atlassian Confluence Data Center and Confluence Server Improper Authorization Vulnerability (CVE-2023-22518)

Atlassian has addressed a vulnerability in the Confluence Data Center and Confluence Server. CVE-2023-22518 has been given a critical severity vulnerability and a CVSS score of 9.1. Atlassian has not released much information regarding this improper authorization vulnerability. The advisory states that no proof of active exploitation is available for the vulnerability. The advisory states, … Continue reading “Atlassian Confluence Data Center and Confluence Server Improper Authorization Vulnerability (CVE-2023-22518)”

Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)

Atlassian Confluence Data Center and Server are vulnerable to a privilege escalation vulnerability. CVE-2023-22515 is a critical severity vulnerability with a CVSS score of 10. A remote attacker may exploit the vulnerability in a low-complexity attack without user interaction. Successful exploitation of the vulnerability may allow attackers to create unauthorized Confluence administrator accounts and access … Continue reading “Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)”

Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)

Atlassian Confluence Server & Data Center and Bamboo Data Center are affected by high-severity vulnerabilities: CVE-2023-22505, CVE-2023-22506, and CVE-2023-22508. The vulnerabilities may allow attackers to perform remote code execution on successful exploitation. Anonymous researchers have discovered and reported these vulnerabilities to Atlassian via their Bug Bounty and Penetration Testing programs. In February 2023, Atlassian addressed … Continue reading “Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)”

Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)

Atlassian has released a patch to address a hardcoded credentials vulnerability in Confluence Server and Data Center. Tracked as CVE-2022-26138, the vulnerability can allow an unauthenticated, remote attacker to log into vulnerable servers. Atlassian has rated the vulnerability as Critical as there are reports of this vulnerability being exploited in the wild and the hardcoded … Continue reading “Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)”