Free

CVE Series: Confluence Authentication Vulnerability (CVE-2023-22515)

Atlassian Confluence Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1 suffer from a Broken Access Control vulnerability that threat actors have exploited in the wild to obtain administrator access to Confluence servers. Put on your Red Team hat and create your own malicious admin account by leveraging this CVE!

Time: 15M
Difficulty: Intermediate
CEU/CPE: 1

Course Content

Introduction to Confluence (FREE, 5m)

CVE-2023-22515 Exploitation
Explanation of the exploit script (10m)

CVE-2023-22515 Remediation
How To Remediate CVE-2023-22515 (10m)

Course Description

Confluence, a popular web-based wiki developed by Atlassian and used by many corporations, suffers from a Broken Access Control vulnerability that was reported in October 2023. CVE-2023-22515 affects Confluence Data Center and Server versions 8.0.0 through 8.3.2, 8.4.0 through 8.4.2, and 8.5.0 through 8.5.1; Atlassian shipped fixes in 8.3.3, 8.4.3, and 8.5.2, and versions prior to 8.0.0 are not affected. According to the Cybersecurity and Infrastructure Security Agency (CISA), threat actors have been exploiting this vulnerability in the wild to obtain administrator access to Confluence servers. In this course you’ll put on your Red Team hat to create your own malicious administrator account by leveraging this CVE!
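Before exploiting or patching, a practitioner first wants to know which servers in an estate fall inside the affected ranges above. The following Python script is an added example, not part of the course or of the linked exploit code: it encodes the three affected version ranges the course lists and triages a constructed, made-up inventory of hostnames and version strings, flagging malformed versions (such as a bare "8.5") for manual review instead of silently treating them as safe.

```python
"""Triage Confluence version strings against the CVE-2023-22515 affected ranges.

Added example, not course material. The affected ranges come from the
course description (8.0.0-8.3.2, 8.4.0-8.4.2, 8.5.0-8.5.1). SAMPLE_INVENTORY
is constructed data; the hostnames and versions are invented.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges published as affected for CVE-2023-22515.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((8, 0, 0), (8, 3, 2)),
    ((8, 4, 0), (8, 4, 2)),
    ((8, 5, 0), (8, 5, 1)),
]


def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor.patch' into a tuple, or return None if malformed.

    A build suffix such as '8.4.1-rc1' is stripped before parsing. A string
    with fewer than three numeric components is rejected rather than padded,
    so '8.5' is not quietly compared as 8.5.0.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True if inside an affected range, False if outside, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return any(low <= parsed <= high for low, high in AFFECTED_RANGES)


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (host, version) pairs into affected / not_affected / unknown."""
    result: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in inventory:
        verdict = is_affected(version)
        if verdict is None:
            result["unknown"].append(host)      # needs a human look
        elif verdict:
            result["affected"].append(host)
        else:
            result["not_affected"].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("wiki-prod-01", "8.5.1"),      # inside 8.5.0-8.5.1: affected
    ("wiki-prod-02", "8.5.2"),      # the 8.5.x fixed release: not affected
    ("wiki-stage-01", "8.3.3"),     # the 8.3.x fixed release: not affected
    ("wiki-legacy-01", "7.19.14"),  # pre-8.0.0, outside every listed range
    ("wiki-dev-01", "8.4.1-rc1"),   # suffix stripped, 8.4.1 is affected
    ("wiki-old-01", "8.5"),         # incomplete string: flagged as unknown
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is deliberate: an inventory tool that reports a truncated or unparseable version should land on the review list, not be counted as patched.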

Target Audience

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Course Level

Intermediate

Prerequisites

Basic knowledge of Python as a programming language and a functional understanding of web applications.

Helpful Links


  • Exploit Code: https://github.com/Chocapikk/CVE-2023-22515
  • CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22515 (Official CVE)
  • CISA Advisory: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-289a
  • Metasploit Module: https://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
  • Official Confluence FAQ: https://confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html
  • Qualys Blog: https://blog.qualys.com/vulnerabilities-threat-research/2023/11/15/atlassian-confluence-broken-access-control-vulnerability-cve-2023-22515
  • Rapid7 Analysis: https://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515/rapid7-analysis

Instructed by

Senior Instructor
Clint Kehr

Clint is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Clint has trained over 1,000 law enforcement officers, prosecutors, and civilians on the dark web and dark market websites. Clint has a master’s degree in intelligence studies from American Military University where he graduated with honors and also has a master’s degree in Information Technology from Carnegie Mellon University where he graduated with highest distinction. As a former Navy Reserve Officer, Clint served in many roles, such as a division officer and department head for commands in the information warfare community.

Provider: Cybrary
Certification: Certificate of Completion

Complete this entire course to earn a CVE Series: Confluence Authentication Vulnerability (CVE-2023-22515) Certificate of Completion.