GobyVuls/Atlassian_Confluence_permission_bypass_vulnerability_(CVE-2023-22515).md


Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)

| Field | Value |
|---|---|
| Vulnerability | Atlassian Confluence permission bypass vulnerability (CVE-2023-22515) |
| Chinese name | Atlassian Confluence 权限绕过漏洞 CVE-2023-22515 (Atlassian Confluence permission bypass vulnerability CVE-2023-22515) |
| CVSS score | 10.0 |
| FOFA query | app="ATLASSIAN-Confluence" |
| Number of assets affected | 97667 |
| Description | Atlassian Confluence is an online enterprise wiki (collaboration software) developed by Atlassian. A vulnerability exists in Atlassian Confluence Data Center and Server: the /server-info.action endpoint accepts the bootstrapStatusProvider.applicationConfig.setupComplete parameter, and passing it leaves the server in an incomplete-setup state, from which restricted endpoints can be reached and unauthorized Confluence administrator accounts created, giving access to the Confluence instance backend. |
| Impact | An attacker can reach restricted endpoints, create unauthorized Confluence administrator accounts, and log in to the Confluence instance backend. |
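The record above names the endpoint and parameter involved, which is what a defender needs to look for in web server logs. The following detection script is an added example, not part of the GobyVuls entry or of any Atlassian tooling. It assumes a reverse proxy or access-log valve in front of Confluence writing the common "combined" log format, handles a Confluence deployed under a context path, and works over constructed sample lines (not real traffic). Note the caveat it encodes: when the parameter is sent in a POST body it does not appear in the access log, so a POST to /server-info.action is flagged for review on its own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory above.
BYPASS_ENDPOINT = "/server-info.action"
SETUP_PARAM = "bootstrapStatusProvider.applicationConfig.setupComplete"

# "Combined" access log format as written by Apache/nginx in front of Confluence
# (Tomcat's AccessLogValve can be configured to the same layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for this demonstration; addresses, timestamps and
# user agents are made up and do not come from any real incident.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:12:00:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Oct/2023:12:00:07 +0000] "GET /server-info.action?'
    'bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '10.0.0.9 - - [10/Oct/2023:12:00:08 +0000] "POST /server-info.action HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '10.0.0.20 - - [10/Oct/2023:12:00:30 +0000] "GET /confluence/server-info.action HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '10.0.0.12 - - [10/Oct/2023:12:01:00 +0000] "GET /pages/viewpage.action?pageId=42 HTTP/1.1" 200 20000 "-" "Mozilla/5.0"',
]


def analyze_line(line):
    """Return a finding dict for a request to the setup-state endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    parts = urlsplit(m["target"])
    # endswith() so a context-path deployment (/confluence/server-info.action) is caught too.
    if not parts.path.endswith(BYPASS_ENDPOINT):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if SETUP_PARAM in query:
        severity, reason = "high", f"{SETUP_PARAM} passed in query string"
    elif m["method"] == "POST":
        # Body parameters are not recorded in access logs; the POST itself is the signal.
        severity, reason = "medium", "POST to setup-state endpoint; parameter may be in request body"
    else:
        severity, reason = "low", "request to setup-state endpoint"
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "method": m["method"],
        "status": int(m["status"]),
        "severity": severity,
        "reason": reason,
    }


def detect(lines):
    """Run analyze_line over an iterable of log lines and keep the findings."""
    return [f for f in map(analyze_line, lines) if f is not None]


def sources_to_review(findings):
    """Source addresses with a medium or high finding; follow up by auditing
    the instance for administrator accounts that nobody legitimately created."""
    return sorted({f["ip"] for f in findings if f["severity"] in ("medium", "high")})


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(f'{finding["severity"]:6} {finding["ip"]:10} {finding["ts"]} '
              f'{finding["method"]} {finding["status"]}  {finding["reason"]}')
    print("review:", sources_to_review(detect(SAMPLE_LOG)))
```

Run it against real logs with `detect(open(path))`; the low-severity hits are worth keeping because ordinary users have no reason to request the setup-state endpoint, so even parameterless GETs stand out when grouped by source.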