A high-severity DoS (Denial of Service) vulnerability has been identified in Confluence Data Center and Server version 5.6. This vulnerability, tracked as CVE-2023-22512, allows unauthenticated attackers to make a resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a vulnerable host (a Confluence instance) connected to a network.
Solution
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
- Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.1
- Confluence Data Center and Server 8.6 or above: No need to upgrade, you're already on a patched version
To upgrade your Confluence instance, follow these steps:
1. Download the appropriate fixed version from the Confluence Data Center and Server download center (https://www.atlassian.com/software/confluence/download-archives)
2. Follow the upgrade guide (https://confluence.atlassian.com/doc/upgrading-confluence-4578.html) to upgrade to the desired fixed version
Release Notes
For more information on the fixed versions, please refer to the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html).
Acknowledgement
This vulnerability was reported via the Atlassian Bug Bounty program.
Exploit Details
Currently, there are no public exploits available for this vulnerability. However, because it allows unauthenticated attackers to carry out a DoS attack on vulnerable Confluence instances, it is crucial to upgrade your instance to a fixed version as soon as possible.
Stay Safe and Secure
To ensure the security and stability of your Confluence Data Center and Server instance, always keep your software up to date and follow security best practices. Regularly check for updates, monitor your logs, and stay informed about security advisories.
For more resources, please visit:
- Atlassian security advisories (https://www.atlassian.com/trust/security/advisories)
- Atlassian security bug fix policy (https://www.atlassian.com/trust/security/bug-fix-policy)
Timeline
Published on: 01/16/2024 18:15:09 UTC
Last modified on: 03/17/2025 23:15:16 UTC