nvd-json-data-feeds/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json

{
  "id": "CVE-2023-22518",
  "sourceIdentifier": "security@atlassian.com",
  "published": "2023-10-31T15:15:08.573",
  "lastModified": "2023-11-06T20:15:07.797",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
    },
    {
      "lang": "es",
      "value": "Todas las versiones de Confluence Data Center y Server se ven afectadas por esta vulnerabilidad no explotada. No hay ning\u00fan impacto en la confidencialidad ya que un atacante no puede filtrar ning\u00fan dato de la instancia. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "security@atlassian.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      }
    ]
  },
  "references": [
    {
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://github.com/RootUp/PersonalStuff/blob/master/check_cve_2023_22518.py",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22518.yaml",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93142",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://www.rapid7.com/blog/post/2023/11/06/etr-rapid7-observed-exploitation-of-atlassian-confluence-cve-2023-22518/",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://www.securityweek.com/exploitation-of-critical-confluence-vulnerability-begins/",
      "source": "security@atlassian.com"
    }
  ]
}
Auto-Update: 2023-10-31T17:00:18.922735+00:00 2023-10-31 17:00:22 +00:00			`{`
			`"id": "CVE-2023-22518",`
			`"sourceIdentifier": "security@atlassian.com",`
			`"published": "2023-10-31T15:15:08.573",`
Auto-Update: 2023-11-06T21:00:19.166686+00:00 2023-11-06 21:00:22 +00:00			`"lastModified": "2023-11-06T20:15:07.797",`
			`"vulnStatus": "Undergoing Analysis",`
Auto-Update: 2023-10-31T17:00:18.922735+00:00 2023-10-31 17:00:22 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."`
Auto-Update: 2023-11-06T21:00:19.166686+00:00 2023-11-06 21:00:22 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Todas las versiones de Confluence Data Center y Server se ven afectadas por esta vulnerabilidad no explotada. No hay ning\u00fan impacto en la confidencialidad ya que un atacante no puede filtrar ning\u00fan dato de la instancia. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."`
Auto-Update: 2023-10-31T17:00:18.922735+00:00 2023-10-31 17:00:22 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "security@atlassian.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.1,`
			`"baseSeverity": "CRITICAL"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 5.2`
			`}`
			`]`
			`},`
			`"references": [`
			`{`
			`"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907",`
			`"source": "security@atlassian.com"`
			`},`
Auto-Update: 2023-11-06T21:00:19.166686+00:00 2023-11-06 21:00:22 +00:00			`{`
			`"url": "https://github.com/RootUp/PersonalStuff/blob/master/check_cve_2023_22518.py",`
			`"source": "security@atlassian.com"`
			`},`
			`{`
			`"url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22518.yaml",`
			`"source": "security@atlassian.com"`
			`},`
Auto-Update: 2023-10-31T17:00:18.922735+00:00 2023-10-31 17:00:22 +00:00			`{`
			`"url": "https://jira.atlassian.com/browse/CONFSERVER-93142",`
			`"source": "security@atlassian.com"`
Auto-Update: 2023-11-06T21:00:19.166686+00:00 2023-11-06 21:00:22 +00:00			`},`
			`{`
			`"url": "https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/",`
			`"source": "security@atlassian.com"`
			`},`
			`{`
			`"url": "https://www.rapid7.com/blog/post/2023/11/06/etr-rapid7-observed-exploitation-of-atlassian-confluence-cve-2023-22518/",`
			`"source": "security@atlassian.com"`
			`},`
			`{`
			`"url": "https://www.securityweek.com/exploitation-of-critical-confluence-vulnerability-begins/",`
			`"source": "security@atlassian.com"`
Auto-Update: 2023-10-31T17:00:18.922735+00:00 2023-10-31 17:00:22 +00:00			`}`
			`]`
			`}`