CVE-2023-22515: Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
First published: Wed Oct 04 2023(Updated: )
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Confluence Data Center | >=8.0.0<8.3.3 | |
| Atlassian Confluence Data Center | >=8.4.0<8.4.3 | |
| Atlassian Confluence Data Center | >=8.5.0<8.5.2 | |
| Atlassian Confluence Server | >=8.0.0<8.3.3 | |
| Atlassian Confluence Server | >=8.4.0<8.4.3 | |
| Atlassian Confluence Server | >=8.5.0<8.5.2 | |
| Atlassian Confluence Data Center and Server |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
- https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515
- https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276
- https://jira.atlassian.com/browse/CONFSERVER-92475
- https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
- https://www.theregister.com/2024/02/08/rust_software_memory_safety/
Frequently Asked Questions
What is CVE-2023-22515?
CVE-2023-22515 is a privilege escalation vulnerability in Atlassian Confluence Data Center and Server, which allows external attackers to create unauthorized Confluence administrator accounts and gain access to the system.
How severe is CVE-2023-22515?
CVE-2023-22515 has a critical severity rating with a severity value of 10.
Who is affected by CVE-2023-22515?
Users of Atlassian Confluence Data Center and Server versions are affected by CVE-2023-22515.
How can attackers exploit CVE-2023-22515?
Attackers can exploit CVE-2023-22515 by exploiting a vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized administrator accounts and gain unauthorized access to Confluence.
Is there a fix for CVE-2023-22515?
Yes, Atlassian has released security updates to address CVE-2023-22515. It is recommended to update to the latest version of Confluence Data Center and Server to mitigate the vulnerability.
- collector/mitre-cve
- collector/nvd-index
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/remedy
- agent/title
- collector/the-register
- source/The Register
- alias/CVE-2023-33246
- alias/CVE-2023-22515
- alias/CVE-2023-34362
- zeroday/true
- agent/news-ai
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/atlassian
- canonical/atlassian confluence data center
- version/atlassian confluence data center/8.0.0
- version/atlassian confluence data center/8.4.0
- version/atlassian confluence data center/8.5.0
- canonical/atlassian confluence server
- version/atlassian confluence server/8.0.0
- version/atlassian confluence server/8.4.0
- version/atlassian confluence server/8.5.0
- canonical/atlassian confluence data center and server