CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)

Rule Info

Name
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)
Author
Andreas Braathen (mnemonic.io)
Description
Detects exploitation attempt of CVE-2023-22518 (Confluence Data Center / Confluence Server), where an attacker can exploit vulnerable endpoints to e.g. create admin accounts and execute arbitrary commands.
Reference
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Date
2023-11-14 00:00:00
Modified
None
Id
a902d249-9b9c-4dc4-8fd0-fbe528ef965c
Tags
detection.emerging_threats attack.initial_access attack.t1190 cve.2023.22518 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=a902d249-9b9c-4dc4-8fd0-fbe528ef965c

Rule History

Author
Title
Date
Commit
Andreas Braathen
Merge PR #4567 from @netgrain - Adding analytics for CVE-2023-22518
2023-11-15
c7892119b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022