Create Atlassian_Confluence_permission_bypass_vulnerability_(CVE-2023-22515).md

Atlassian_Confluence_permission_bypass_vulnerability_(CVE-2023-22515).md

@@ -0,0 +1,13 @@
+## Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)
+
+|   **Vulnerability**  | 	Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)  |
+| :----:   | :-----|
+|  **Chinese name**  | 	Atlassian Confluence 权限绕过漏洞（CVE-2023-22515） |
+| **CVSS core**  | 	10.0 |
+| **FOFA Query**  (click to view the results directly)| [app="ATLASSIAN-Confluence"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJDb25mbHVlbmNlIiB8fCBiYW5uZXI9IkNvbmZsdWVuY2UiIHx8IGJvZHk9ImNvbmZsdWVuY2UtYmFzZS11cmwiIHx8IGJvZHk9ImNvbS1hdGxhc3NpYW4tY29uZmx1ZW5jZSIgfHwgIHRpdGxlPSJBdGxhc3NpYW4gQ29uZmx1ZW5jZSIgfHwgKHRpdGxlPT0iRXJyb3JzIiAmJiBib2R5PSJDb25mbHVlbmNlIik%3D)|
+| **Number of assets affected**  | 	97667 |
+| **Description**  | 	Atlassian Confluence is a software developed by Atlassian based on the online enterprise wiki (collaboration software).A vulnerability exists in the Atlassian Confluence data center and server. The /server-info.action endpoint is used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state to access restricted endpoints and create unauthorized Confluence administrator accounts. Log in to the Confluence instance backend. |
+| **Impact** | 	A vulnerability exists in the Atlassian Confluence data center and server. The /server-info.action endpoint is used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state to access restricted endpoints and create unauthorized Confluence administrator accounts. Log in to the Confluence instance backend. |
+
+![](https://s3.bmp.ovh/imgs/2023/10/11/c0c440512d0c5ee2.gif)
+