What is the Attack?
The attack targets an authentication bypass flaw in Atlassian Confluence Server and Confluence Data Center. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation may create an administrator account on the vulnerable server.
What is the Vendor Solution?
Atlassian released firmware updates for the affected products.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature “Atlassian.Confluence.Unauthorized.Admin.Account.Creation” to detect and block any attack targeting CVE-2023-22515.
FortiGuard Labs also advises installing the latest available patch for the affected products from the vendor as soon as possible.