BI.ZONE WAF counters critical vulnerability in Confluence

New detection rules shield Confluence users from the CVE-2023-22515 vulnerability
October 19, 2023

Information about the new vulnerability and its exploitation by adversaries became public in early October. Atlassian, the developer of the Confluence software, rated the vulnerability as critical (CVSS score 10 out of 10).

CVE-2023-22515 affects publicly accessible Confluence Server and Confluence Data Center instances in versions 8.0.0 through 8.5.1. A flaw in the web application logic enables attackers to create unauthorized Confluence administrator accounts and execute program code on the server.

Because the vulnerability does not affect Confluence Server and Confluence Data Center releases prior to 8.0.0, users of these earlier versions do not need to take additional security measures.

At least five proofs of concept for the vulnerability are now available publicly.

"The BI.ZONE WAF and security assessment teams have jointly simulated the exploitation of CVE-2023-22515 and devised rules to protect against possible attacks. To date, at least two groups are known to be exploiting this vulnerability. Therefore, the rules will be relevant for organizations that for whatever reason are not yet able to upgrade their Confluence to secure versions 8.3.3, 8.4.3, 8.5.2, or later."
Dmitry Tsarev, Head of Cloud Security Solutions, BI.ZONE

Basic BI.ZONE WAF vulnerability protection rules are available to all users. If necessary, our experts can configure additional rules customized to the company’s specific web applications and their business logic.