Tony Arroyo
Sam Bryan@campuscodi
Damn
> an Improper Authorization Vulnerability within Confluence Data Center and Confluence Server that allows unauthenticated users to perform a “restore from backup” by submitting their own arbitrary .zip file. Adversaries can exploit the vulnerability to destroy Confluence instances, leading to data loss. Alternatively, adversaries may also submit a .zip file containing a webshell to achieve Remote Code Execution (RCE) on vulnerable, on-premise Confluence servers.
Damn
> an Improper Authorization Vulnerability within Confluence Data Center and Confluence Server that allows unauthenticated users to perform a “restore from backup” by submitting their own arbitrary .zip file. Adversaries can exploit the vulnerability to destroy Confluence instances, leading to data loss. Alternatively, adversaries may also submit a .zip file containing a webshell to achieve Remote Code Execution (RCE) on vulnerable, on-premise Confluence servers.