Skip to content
/ CVE-2023-22515 Public

CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server

License

CC0-1.0 license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kh4sh3i/CVE-2023-22515

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

img

img

 
 

CVE-2023-22515.yaml

CVE-2023-22515.yaml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

exploit.py

exploit.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation



CVE-2023-22515

CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center, a Broken Access Control vulnerability. Attlassian has provided a CVSS base score of 10.0

One line poc

cat file.txt| while read host do;do curl -skL "http://$host/setup/setupadministrator.action" | grep -i "<title>Setup System Administrator" && echo $host "is VULN";done

Nuclei

nuclei -u target -t CVE-2023-22515.yaml

Prerequisites

sudo pip install -r requirements.txt

Usage

sudo python3 exploit.py --url [target]

Affected Versions

8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.1.0
8.1.1
8.1.3
8.1.4
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1

Fixed Versions

8.3.3 or later
8.4.3 or later
8.5.2 (Long Term Support release) or later

refrences

About

CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server

Topics

jira exploit scanner rce vulnerability confluence cve exploitation atlassian vulnerability-scanners confluent-platform

Resources

Readme

License

CC0-1.0 license
Activity

Stars

4 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages