ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity

SID: 2048470Rev: 216 viewsHistory

Sourceet/open

CreatedOctober 6, 2023

UpdatedOctober 13, 2023

Classificationattempted-recon

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity"; flow:established,to_server; http.uri; content:"/server-info.action"; fast_pattern; reference:url,confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html; reference:url,www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/; reference:cve,2023-22515; classtype:attempted-recon; sid:2048470; rev:2; metadata:affected_product Atlassian_Confluence, attack_target Web_Server, created_at 2023_10_06, cve CVE_2023_22515, deployment Perimeter, deployment Internal, deployment SSLDecrypt, deprecation_reason Duplicate, performance_impact Low, confidence Medium, signature_severity Informational, tag CISA_KEV, updated_at 2023_10_13, reviewed_at 2023_10_06; target:dest_ip;)

References

url	confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
url	www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/
cve	2023-22515

Metadata

affected productAtlassian_Confluence

attack targetWeb_Server

created at2023_10_06

cveCVE-2023-22515

deploymentSSLDecrypt

deprecation reasonDuplicate

performance impactLow

confidenceMedium

signature severityInformational

tagCISA_KEV

updated at2023_10_13

reviewed at2023_10_06

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!