vpatch-CVE-2023-22515 AppSec Rule

« vpatch-CVE-2023-22515 »
v0.4 by crowdsecurity
AppSec rule

Atlassian Confluence Privesc (CVE-2023-22515)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-22515

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-22515
2description: "Atlassian Confluence Privesc (CVE-2023-22515)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /setup/setupadministrator.action
12    - zones:
13      - METHOD
14      match:
15        type: equals
16        value: POST
17    - zones:
18      - HEADERS
19      variables:
20       - x-atlassian-token
21      transform:
22      - lowercase
23      match:
24        type: equals
25        value: "no-check"
26labels:
27  type: exploit
28  service: http
29  confidence: 3
30  spoofable: 0
31  behavior: "http:exploit"
32  label: "Atlassian Confluence Privesc"
33  classification:
34   - cve.CVE-2023-22515
35   - attack.T1595
36   - attack.T1190
37   - cwe.CWE-284

Hub Appsec rule

« vpatch-CVE-2023-22515 »v0.4 by crowdsecurityAppSec rule

« vpatch-CVE-2023-22515 »
v0.4 by crowdsecurity
AppSec rule