CVE Vulnerability Details: CVE-2023-22515
PUBLISHED
Assigner: atlassian
Assigner Org ID: f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At: 04 Oct, 2023 | 14:00
Updated At: 21 Oct, 2025 | 23:05
CVE Numbering Authority (CNA)

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Affected Products
Vendor
Atlassian
Product
Confluence Data Center
Versions
Affected
  • >= 8.0.0
  • >= 8.0.1
  • >= 8.0.2
  • >= 8.0.3
  • >= 8.1.3
  • >= 8.1.4
  • >= 8.2.0
  • >= 8.2.1
  • >= 8.2.2
  • >= 8.2.3
  • >= 8.3.0
  • >= 8.3.1
  • >= 8.3.2
  • >= 8.4.0
  • >= 8.4.1
  • >= 8.4.2
  • >= 8.5.0
  • >= 8.5.1
Unaffected
  • < 8.0.0
  • >= 8.3.3
  • >= 8.4.3
  • >= 8.5.2
Vendor
Atlassian
Product
Confluence Server
Versions
Affected
  • >= 8.0.0
  • >= 8.0.1
  • >= 8.0.2
  • >= 8.0.3
  • >= 8.1.3
  • >= 8.1.4
  • >= 8.2.0
  • >= 8.2.1
  • >= 8.2.2
  • >= 8.2.3
  • >= 8.3.0
  • >= 8.3.1
  • >= 8.3.2
  • >= 8.4.0
  • >= 8.4.1
  • >= 8.4.2
  • >= 8.5.0
  • >= 8.5.1
Unaffected
  • < 8.0.0
  • >= 8.3.3
  • >= 8.4.3
  • >= 8.5.2
Problem Types
Type: BASM (Broken Authentication & Session Management)
CWE ID: N/A
Description: BASM (Broken Authentication & Session Management)
Metrics
Version: 3.0
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Credits

an Atlassian customer
References
Hyperlink: http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
Resource: N/A
Hyperlink: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515
Resource: N/A
Hyperlink: https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276
Resource: N/A
Hyperlink: https://jira.atlassian.com/browse/CONFSERVER-92475
Resource: N/A
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
Resource: x_transferred
Hyperlink: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515
Resource: x_transferred
Hyperlink: https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276
Resource: x_transferred
Hyperlink: https://jira.atlassian.com/browse/CONFSERVER-92475
Resource: x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
atlassian
Product
confluence_data_center
CPEs
  • cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 8.0.0 before 8.3.3 (custom)
Vendor
atlassian
Product
confluence_data_center
CPEs
  • cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 8.4.0 before 8.4.3 (custom)
Vendor
atlassian
Product
confluence_data_center
CPEs
  • cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 8.5.0 before 8.5.2 (custom)
Vendor
atlassian
Product
confluence_server
CPEs
  • cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 8.0.0 before 8.3.3 (custom)
Vendor
atlassian
Product
confluence_server
CPEs
  • cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 8.4.0 before 8.4.3 (custom)
Vendor
atlassian
Product
confluence_server
CPEs
  • cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 8.5.0 before 8.5.2 (custom)
Problem Types
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded: 2023-10-05
reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22515
Timeline
Event: CVE-2023-22515 added to CISA KEV
Date: 2023-10-05 00:00:00
References
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22515
Resource: government-resource