Fixed timeline and spelling issues #694

Closed
11 changes: 5 additions & 6 deletions _cases/2023/DIVD-2023-00042.md
Expand Up @@ -6,7 +6,7 @@ excerpt: "Confluence Data Center and Server allow unauthorized users to set Conf
author: Wessel Baltus
lead: Wessel Baltus
researchers:
- Max van der horst
- Max van der Horst
- Wessel Baltus
# You can use free text here as well. E.g. to indicate that some vulnerabilities don't have CVEs assigned (yet).
cves:
Expand All @@ -15,7 +15,7 @@ product:
- Confluence Data Center
- Confluence Server
versions:
- all versions prior to 7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1
- All versions prior to 7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1
recommendation: "Upgrade to patched versions stated on atlassian website"
patch_status: Fully patched
#workaround: n/a
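Review bot: The `recommendation` value in the context below the changed `versions` entry still spells the vendor as `atlassian`; since this is a spelling pass, capitalise it as `Atlassian` to match the Summary, and consider pointing at the advisory itself rather than "stated on atlassian website".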
Expand All @@ -32,7 +32,7 @@ timeline:
- start: 2023-11-20
end:
event: "DIVD created a list of vulnerable Confluence instancess"
- start: 2022-11-22
- start: 2023-11-22
end:
event: "First version of this case file"
#ips:
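Review bot: The event string directly above the corrected `start` line still reads `Confluence instancess`; fix it to `instances` in the same change. With the year corrected, the entry now follows the 2023-11-20 event in order, which is what the timeline needs.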
Expand All @@ -41,7 +41,7 @@ timeline:
---
## Summary
An improper authorization vulnerability has been identified inside Atlassian Confluence versions before (7.19.16; 8.3.4; 8.4.4; 8.5.3; 8.6.1). this allows an unauthorized user to set the Confluence server in setup-up mode, and using this setup mode create administrator accounts which can be used to facilitate remote code execution"
An improper authorization vulnerability has been identified inside Atlassian Confluence versions before (7.19.16; 8.3.4; 8.4.4; 8.5.3; 8.6.1). This allows an unauthorized user to set the Confluence server in setup-up mode, and using this setup mode create administrator accounts which can be used to facilitate remote code execution"
## What you can do
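Review bot: The rewritten Summary sentence still contains `setup-up mode` and ends with a stray `"` after `remote code execution`; change it to `setup mode`, drop the quote, and close the sentence with a full stop. Only the capital `This` is corrected here, so the line remains inconsistent with its own later wording "this setup mode".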
Expand All @@ -59,5 +59,4 @@ DIVD is currently working to identify vulnerable parties and notify these.
## More information
* List all resources here
* [Blog from Grafana](https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/)
* [CVE-2021-43798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43798)
* https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
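Review bot: In the More information list, the Grafana blog link and the CVE-2021-43798 entry are unrelated to this Confluence case; make sure both are gone after this change, together with the template placeholder `* List all resources here`. The Atlassian advisory is a bare URL, while the other entries use the `[text](url)` form; give it a link title for consistency.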