Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22515 PoC — Atlassian Confluence Server 安全漏洞

Source
https://github.com/s1d6point7bugcrowd/CVE-2023-22515-check
Associated Vulnerability
Title:Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
Description:Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Description
This script will inform the user if the Confluence instance is vulnerable, but it will not proceed with the exploitation steps.
Readme
Disclaimer

This script is for educational and testing purposes only. Use it responsibly and ensure you have permission to test the target Confluence instance. Unauthorized testing is illegal and unethical.


# Confluence CVE-2023-22515 Vulnerability Detection Script

This script checks if a Confluence instance is vulnerable to CVE-2023-22515, a critical Broken Access Control vulnerability affecting Atlassian Confluence Data Center and Server versions 8.0.0 and above. The script does not exploit the vulnerability; it only checks for the version and setup mode configuration.

## Prerequisites

- Python 3.x
- `requests` library
- `packaging` library

You can install the required libraries using pip:
```sh
pip install requests packaging

    Clone the repository or download the script file.

    Run the script in your Python environment:



python confluence_vulnerability_check.py

    Input the URL of the Confluence instance when prompted (e.g., http://example.com).

    The script will check the Confluence version and determine if the instance is vulnerable to CVE-2023-22515.

Output

The script will output the Confluence version and inform you whether the instance is vulnerable based on the version and setup mode check. Example output:



Enter the URL of the Confluence instance (e.g., http://example.com): http://example.com
Confluence version detected: 7.19.22
The Confluence instance is not vulnerable to CVE-2023-22515.


Contributing

Contributions are welcome! Please open an issue or submit a pull request.
File Snapshot

 [4.0K]  /data/pocs/de6f3afbc5fa235841c0b6033cc0fc37453391d6
├── [2.1K]  confluence_vulnerability_check.py
├── [1.0K]  LICENSE
└── [1.5K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →