Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability is well known and affects all versions of Atlassian Confluence. Attack tools can help an unauthenticated attacker acquire basic administrator credentials. Business operations can be disrupted and attackers can launch additional attacks on the network from a compromised device.
Kill Chain
Risk Score
87
Atlassian Confluence has an improper authorization vulnerability that enables an attacker to reset or modify an existing Confluence instance. To exploit this vulnerability, an attacker sends an HTTP POST request with a malicious .zip file attachment to vulnerable endpoints. The Confluence application fails to check the privileges of the sender and sends an HTTP response. The response has a 302 status code (Found) and a redirect location header,which indicates that a Confluence instance processed the malicious .zip file. Existing data within the instance is replaced with attacker-supplied data in the .zip file. For example, the attacker can create an administrator account on the instance. With new administrator access, the attacker can perform actions such as installing malicious web shells and plugins that can launch additional attacks on the network.
