CVE-2023-22515
CRITICAL | CISA KEV | 9.8
Description
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 10/4/2023
Last Modified: 3/25/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Atlassian
Product: Confluence Data Center and Server
Vulnerability Name: Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
KEV Date Added: 2023-10-05
Remediation Due Date: 2023-10-13
Ransomware Use: Known
Affected Products
atlassian:confluence_data_center
atlassian:confluence_server
Weaknesses (CWE)
CWE-20
References
http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html (security@atlassian.com)
https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515 (security@atlassian.com)
https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276 (security@atlassian.com)
https://jira.atlassian.com/browse/CONFSERVER-92475 (security@atlassian.com)
http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515 (af854a3a-2127-422b-91ae-364da2661108)
https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276 (af854a3a-2127-422b-91ae-364da2661108)
https://jira.atlassian.com/browse/CONFSERVER-92475 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22515 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.