Infiniroot Blog: We sometimes write, too.


Quick mitigation for Atlassian Confluence vulnerability CVE-2023-22518 in Nginx Reverse Proxy

Published on November 3rd 2023


If you are using Atlassian Confluence, you are very likely to be affected by a recently discovered vulnerability, CVE-2023-22518. This vulnerability bypasses authentication on certain URLs and is considered highly critical. It affects all Confluence versions, EOL releases and recent ones alike.

A patch has been released by Atlassian and the vulnerability was fixed in the following Confluence versions:

If you are currently using an end-of-life version of Confluence, you're out of luck: there's no patch and you're vulnerable. The same goes for organizations currently unable to upgrade Confluence. And: it's Friday today. You know the rules of deploying on a Friday, right?

Luckily there's a simple mitigation which can be applied as a short-term solution. If you are using Nginx as a reverse proxy in front of your Atlassian Confluence installation, the following example snippet will help prevent exploitation of this vulnerability:

  # BEGIN MITIGATION CVE-2023-22518
  location /confluence/json/setup-restore.action {
    deny all;
  }

  location /confluence/json/setup-restore-local.action {
    deny all;
  }

  location /confluence/json/setup-restore-progress.action {
    deny all;
  }
  # END MITIGATION CVE-2023-22518

  location /confluence {
    include /etc/nginx/proxysettings.conf;
    proxy_pass http://confluence.internal.org:8090/confluence;
  }

Note: This assumes your Confluence is served under the context path /confluence. If yours is served under a different path (or at the root), adjust the location prefixes accordingly. Nginx matches these prefix locations against the normalized request URI, and a prefix location also matches any longer path beneath it, so the three blocks cover each endpoint and anything appended to it.
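To make the context-path adjustment less error-prone and to confirm the rules actually took effect, here is a small POSIX shell helper. It is an added example, not part of the original post and not an Atlassian or Infiniroot tool. `gen_mitigation` prints the three `deny all` location blocks for whatever context path you pass (handling the root-deployment case, where the prefix must be `/json/...` rather than `//json/...`), and `verify_mitigation` requests each blocked endpoint through the proxy with curl and reports the HTTP status, expecting 403. The hostname `confluence.example.com` in the usage is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): generate the CVE-2023-22518
# "deny all" location blocks for the context path Confluence is actually
# served under, and verify through the reverse proxy that they return 403.

# The three setup-restore endpoints named in the mitigation snippet.
ACTIONS="setup-restore setup-restore-local setup-restore-progress"

# Print the mitigation snippet for a given context path.
#   "/confluence" -> location /confluence/json/setup-restore.action
#   "/" or ""     -> location /json/setup-restore.action   (root deployment)
gen_mitigation() {
  ctx="${1%/}"              # strip one trailing slash, so "/" becomes ""
  case "$ctx" in
    ""|/*) ;;               # empty or already absolute: keep as-is
    *) ctx="/$ctx" ;;       # "confluence" -> "/confluence"
  esac
  printf '  # BEGIN MITIGATION CVE-2023-22518\n'
  for action in $ACTIONS; do
    printf '  location %s/json/%s.action {\n    deny all;\n  }\n' "$ctx" "$action"
  done
  printf '  # END MITIGATION CVE-2023-22518\n'
}

# Request each blocked endpoint via the proxy and print "<status> <url>".
# Returns 0 only if every endpoint answered 403 (the deny rule fired);
# a status of 000 means curl could not connect at all.
#   $1 = base URL of the proxy, e.g. https://confluence.example.com (placeholder)
#   $2 = context path, e.g. /confluence
verify_mitigation() {
  base="${1%/}"
  ctx="${2%/}"
  rc=0
  for action in $ACTIONS; do
    url="$base$ctx/json/$action.action"
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$url")
    printf '%s %s\n' "$code" "$url"
    [ "$code" = "403" ] || rc=1
  done
  return $rc
}

# CLI entry point; does nothing when sourced without arguments.
case "${1:-}" in
  gen)    gen_mitigation "${2:-/confluence}" ;;
  verify) verify_mitigation "${2:?base URL required}" "${3:-/confluence}" ;;
esac
```

Usage: `sh mitigation-check.sh gen /confluence` prints the blocks to paste into your server block (above the catch-all `location /confluence`), and `sh mitigation-check.sh verify https://confluence.example.com /confluence` should print three `403` lines after the reload. Run the verification from outside the proxy, against the public hostname, because these rules only cover traffic that passes through Nginx: if the Tomcat port 8090 on the Confluence host is reachable directly from untrusted networks, the deny rules protect nothing and that port needs to be firewalled as well.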

The real solution is obviously to patch Confluence, but until then this quick-fix could save your weekend.