Atlassian Confluence Data Center and Server are grappling with a severe vulnerability labeled CVE-2023-22518. This security loophole might let assailants, who have sneaked past authentication and acquired network access, take over the database and hijack the system with unauthorized commands.
An initial attempt to batter down the digital doors to these actions got us nowhere. Our efforts then shifted to dissecting the struts.xml configuration file, which maps out the application’s routing and its defensive interceptors. But the file was tight-lipped, revealing no easy vulnerabilities.
We zeroed in on a subtle yet significant regex alteration in the SafeParametersInterceptor, a thread linked to a previously patched gaping hole, CVE-2023-22515, known for authentication circumvention. Despite intense analysis, the elusive breakthrough remained out of reach. Our probe uncovered that only a specific type of parameter, encoded just so, could bypass the interceptor’s scrutiny, potentially leading to property tinkering for unauthorized entry.