## Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)
| **Vulnerability** | Atlassian Confluence permission bypass vulnerability (CVE-2023-22515) |
| :----: | :-----|
| **Chinese name** | Atlassian Confluence 权限绕过漏洞CVE-2023-22515 |
| **CVSS score** | 10.0 |
| **FOFA Query** (click to view the results directly)| [app="ATLASSIAN-Confluence"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJDb25mbHVlbmNlIiB8fCBiYW5uZXI9IkNvbmZsdWVuY2UiIHx8IGJvZHk9ImNvbmZsdWVuY2UtYmFzZS11cmwiIHx8IGJvZHk9ImNvbS1hdGxhc3NpYW4tY29uZmx1ZW5jZSIgfHwgIHRpdGxlPSJBdGxhc3NpYW4gQ29uZmx1ZW5jZSIgfHwgKHRpdGxlPT0iRXJyb3JzIiAmJiBib2R5PSJDb25mbHVlbmNlIik%3D)|
| **Number of assets affected** | 97667 |
| **Description** | Atlassian Confluence is online enterprise wiki (collaboration) software developed by Atlassian. A vulnerability exists in Atlassian Confluence Data Center and Server: the `/server-info.action` endpoint can be used to pass the `bootstrapStatusProvider.applicationConfig.setupComplete` parameter, leaving the server in an incomplete state. An attacker can then access restricted endpoints, create unauthorized Confluence administrator accounts, and log in to the Confluence instance backend. |
| **Impact** | A vulnerability exists in Atlassian Confluence Data Center and Server: the `/server-info.action` endpoint can be used to pass the `bootstrapStatusProvider.applicationConfig.setupComplete` parameter, leaving the server in an incomplete state. An attacker can then access restricted endpoints, create unauthorized Confluence administrator accounts, and log in to the Confluence instance backend. |

![](https://s3.bmp.ovh/imgs/2023/10/11/c0c440512d0c5ee2.gif)
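
For defenders, the request pattern in the description can be hunted for in web access logs. The following is an added example, not part of the original entry or of Goby: it assumes common/combined log format, the function and constant names are hypothetical, the sample lines are constructed, and it only sees parameters that appear in the logged request line.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter named in the description above, lowercased for matching.
ENDPOINT = "/server-info.action"
PARAM = "bootstrapstatusprovider.applicationconfig.setupcomplete"

# Common/combined log format: ip ... "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_requests(lines):
    """Return (ip, method, status) for each request to ENDPOINT carrying PARAM."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        parts = urlsplit(m["target"])
        # Decode the path, drop any ;jsessionid suffix, and allow a context
        # path such as /wiki by matching on the end of the path.
        path = unquote(parts.path).split(";", 1)[0].lower()
        if not path.endswith(ENDPOINT):
            continue
        # parse_qsl percent-decodes names, so encoded spellings still match.
        names = {n.lower() for n, _ in parse_qsl(parts.query, keep_blank_values=True)}
        if PARAM in names:
            hits.append((m["ip"], m["method"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges; "x" is a placeholder value).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2023:09:00:00 +0000] "GET /server-info.action HTTP/1.1" 200 431',
    '198.51.100.7 - - [11/Oct/2023:09:00:05 +0000] "GET /server-info.action'
    '?bootstrapStatusProvider.applicationConfig.setupComplete=x HTTP/1.1" 200 431',
    '198.51.100.8 - - [11/Oct/2023:09:00:09 +0000] "POST /wiki/server-info.action'
    '?bootstrapStatusProvider%2EapplicationConfig%2EsetupComplete=x HTTP/1.1" 200 431',
    '192.0.2.11 - - [11/Oct/2023:09:01:00 +0000] "GET /dashboard.action?x=1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review rather than proof of compromise; follow it up by checking the instance for administrator accounts that nobody in the organization created.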