CVE-2023-22515

Summary

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Data Center< 8.0.0unaffected
AtlassianConfluence Data Center>= 8.0.0affected
AtlassianConfluence Data Center>= 8.0.1affected
AtlassianConfluence Data Center>= 8.0.2affected
AtlassianConfluence Data Center>= 8.0.3affected
AtlassianConfluence Data Center>= 8.1.3affected
AtlassianConfluence Data Center>= 8.1.4affected
AtlassianConfluence Data Center>= 8.2.0affected
AtlassianConfluence Data Center>= 8.2.1affected
AtlassianConfluence Data Center>= 8.2.2affected
AtlassianConfluence Data Center>= 8.2.3affected
AtlassianConfluence Data Center>= 8.3.0affected
AtlassianConfluence Data Center>= 8.3.1affected
AtlassianConfluence Data Center>= 8.3.2affected
AtlassianConfluence Data Center>= 8.4.0affected
AtlassianConfluence Data Center>= 8.4.1affected
AtlassianConfluence Data Center>= 8.4.2affected
AtlassianConfluence Data Center>= 8.5.0affected
AtlassianConfluence Data Center>= 8.5.1affected
AtlassianConfluence Data Center>= 8.3.3unaffected
AtlassianConfluence Data Center>= 8.4.3unaffected
AtlassianConfluence Data Center>= 8.5.2unaffected
AtlassianConfluence Server< 8.0.0unaffected
AtlassianConfluence Server>= 8.0.0affected
AtlassianConfluence Server>= 8.0.1affected
AtlassianConfluence Server>= 8.0.2affected
AtlassianConfluence Server>= 8.0.3affected
AtlassianConfluence Server>= 8.1.3affected
AtlassianConfluence Server>= 8.1.4affected
AtlassianConfluence Server>= 8.2.0affected
AtlassianConfluence Server>= 8.2.1affected
AtlassianConfluence Server>= 8.2.2affected
AtlassianConfluence Server>= 8.2.3affected
AtlassianConfluence Server>= 8.3.0affected
AtlassianConfluence Server>= 8.3.1affected
AtlassianConfluence Server>= 8.3.2affected
AtlassianConfluence Server>= 8.4.0affected
AtlassianConfluence Server>= 8.4.1affected
AtlassianConfluence Server>= 8.4.2affected
AtlassianConfluence Server>= 8.5.0affected
AtlassianConfluence Server>= 8.5.1affected
AtlassianConfluence Server>= 8.3.3unaffected
AtlassianConfluence Server>= 8.4.3unaffected
AtlassianConfluence Server>= 8.5.2unaffected

Weaknesses

  • BASM (Broken Authentication & Session Management)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References