CVE-2023-22515

Related Files

Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control

Posted Aug 31, 2024

Authored by temp66, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit

advisories | CVE-2023-22515

SHA-256 | 4b9c8ff2a00bfcb510bc8d0808226331e1d0aff918dc0237aea9ac812e546033

Download | Favorite | View

Atlassian Confluence Data Center And Server Authentication Bypass

Posted Feb 27, 2024

Authored by unknown, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit

advisories | CVE-2023-22515

SHA-256 | c9933148dbb3513e341045ef4dcef5999b02882361749da2c6cd6cfe8c0471bc

Download | Favorite | View

Atlassian Confluence Unauthenticated Remote Code Execution

Posted Oct 19, 2023

Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator user and upload a malicious plugins to get arbitrary code execution. All versions of Confluence between 8.0.0 through to 8.3.2, 8.4.0 through to 8.4.2, and 8.5.0 through to 8.5.1 are affected.

tags | exploit, java, web, arbitrary, code execution

advisories | CVE-2023-22515

SHA-256 | 9243b392a2b5f9216cee221b4b8b37b7405bfb9cc8e0a614f33b37071a199e81

Download | Favorite | View