Atlassian Confluence Improper Authorization / Code Execution

This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the of the user running the confluence server.

account actions atlassian atlassian confluence attacker authorization code code execution confluence install instance jsp malicious metasploit plugin reset unauthenticated vulnerability