
Description

The following analytic story covers use cases for detecting and investigating potential attacks against Confluence Data Center and Confluence Server.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Web
  • Last Updated: 2024-01-22
  • Author: Michael Haag, Splunk
  • ID: 509387a5-ab53-4656-8bb5-4bc8c2c074d9

Narrative

The Confluence Data Center and Confluence Server analytic story groups detections that target the known attack paths against these platforms, in particular exploitation of public-facing application vulnerabilities such as CVE-2022-26134 and CVE-2023-22527 and the related privilege escalation activity. By running the analytics in this story against Web datamodel events, security teams can detect, investigate, and respond to attacks against their Confluence environments.

Detections

| Name | Technique | Type |
|------|-----------|------|
| Confluence Data Center and Server Privilege Escalation | Exploit Public-Facing Application | TTP |
| Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 | Exploit Public-Facing Application | TTP |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Server Software Component, Exploit Public-Facing Application, External Remote Services | TTP |

Reference

source | version: 1