Official Incident Report - Case 1 - SOC235 - Atlassian Confluence Broken Access Control 0-Day CVE-2023-2251
Case 101

CVE-2023-22515 affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthorized. The vulnerability is categorized as a Broken Access Control issue.

CVE-2023-22515

We need to take ownership of the alert.

STEP 1 - DETECTION - Playbook

Collecting Alert Data

In every alert, there is specific information that we need to gather in order to understand what we are dealing with and find a corresponding solution.

1. File name.
2. Source IP
3. Dest IP
4. Malicious File (Hash...