From 579300e1c96ed9b10314917187c42a12199257a5 Mon Sep 17 00:00:00 2001 From: Wessel Date: Sun, 14 Apr 2024 21:53:40 +0200 Subject: [PATCH 1/2] did rescan and closed 00045, 00042 --- _cases/2023/DIVD-2023-00042.md | 8 ++++++-- _cases/2023/DIVD-2023-00045.md | 11 +++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/_cases/2023/DIVD-2023-00042.md b/_cases/2023/DIVD-2023-00042.md index e5f736f2..bfe7064d 100644 --- a/_cases/2023/DIVD-2023-00042.md +++ b/_cases/2023/DIVD-2023-00042.md @@ -1,6 +1,7 @@ --- layout: case # Title and excerpt will be used on /cases and the RSS feed so make sure they reflect the case well +ips: n/a title: "Confluence improper authorization vulnerability" excerpt: "Confluence Data Center and Server allow unauthorized users to set Confluence in setup mode leading to the possibility to create administrator accounts that have the capabilities for RCE" author: Wessel Baltus @@ -19,9 +20,9 @@ versions: recommendation: "Upgrade to patched versions stated on atlassian website" patch_status: Fully patched #workaround: n/a -status : Open +status : Closed start: 2023-11-11 -end: +end: 2024-04-14 timeline: - start: 2023-10-31 end: @@ -35,6 +36,9 @@ timeline: - start: 2023-11-22 end: event: "First version of this case file" +- start: 2023-12-14 + end: + event: "Because of overlap merged with DIVD-2023-00045" #ips: # ips is used for statistics after the case is closed. If it is not applicable, you can set IPs to n/a (e.g. stolen credentials) # This field becomes mandatory when the case status is set to 'Closed' diff --git a/_cases/2023/DIVD-2023-00045.md b/_cases/2023/DIVD-2023-00045.md index 07e6f1fc..671b8883 100644 --- a/_cases/2023/DIVD-2023-00045.md +++ b/_cases/2023/DIVD-2023-00045.md @@ -1,6 +1,7 @@ --- layout: case # Title and excerpt will be used on /cases and the RSS feed so make sure they reflect the case well +ips: 1032 title: "Confluence RCE Vulnerability In Confluence Data Center and Confluence Server" excerpt: "Confluence Data Center and Server RCE vulnerability allow an authorized user, including one with anonymous access, to inject unsafe user input into a Confluence page" author: Wessel Baltus @@ -22,7 +23,7 @@ patch_status: Fully patched #workaround: n/a status : Open start: 2023-12-05 -end: +end: 2024-04-14 timeline: - start: 2023-12-05 end: @@ -38,7 +39,13 @@ timeline: event: "First version of this case file" - start: 2023-12-20 end: - event: "DIVD identified vulnerable devices" + event: "DIVD identified vulnerable devices" +- start: 2023-12-20 + end: + event: "DIVD send out first mailrun" +- start: 2024-04-14 + end: + event: "DIVD did rescan and closed case" #ips: # ips is used for statistics after the case is closed. If it is not applicable, you can set IPs to n/a (e.g. stolen credentials) # This field becomes mandatory when the case status is set to 'Closed' From 6397d5e714a02b5a099fb94d21f736c1a84ff16b Mon Sep 17 00:00:00 2001 From: Wessel Date: Sun, 14 Apr 2024 22:02:57 +0200 Subject: [PATCH 2/2] fixed case close 00045 --- _cases/2023/DIVD-2023-00045.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2023/DIVD-2023-00045.md b/_cases/2023/DIVD-2023-00045.md index 671b8883..0ddafb82 100644 --- a/_cases/2023/DIVD-2023-00045.md +++ b/_cases/2023/DIVD-2023-00045.md @@ -21,7 +21,7 @@ versions: recommendation: "Upgrade to patched versions stated on Atlassian website" patch_status: Fully patched #workaround: n/a -status : Open +status : Closed start: 2023-12-05 end: 2024-04-14 timeline: