Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-22515
Analyzed
More InfoOfficial Page
Source-security@atlassian.com
View Known Exploited Vulnerability (KEV) details
Published At-04 Oct, 2023 | 14:15
Updated At-24 Oct, 2025 | 13:39

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2023-10-052023-10-13Atlassian Confluence Data Center and Server Broken Access Control VulnerabilityApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.
Date Added: 2023-10-05
Due Date: 2023-10-13
Vulnerability Name: Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.010.0CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Atlassian
atlassian
>>confluence_data_center>>Versions from 8.0.0(inclusive) to 8.3.3(exclusive)
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>confluence_data_center>>Versions from 8.4.0(inclusive) to 8.4.3(exclusive)
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>confluence_data_center>>Versions from 8.5.0(inclusive) to 8.5.2(exclusive)
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>confluence_server>>Versions from 8.0.0(inclusive) to 8.3.3(exclusive)
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>confluence_server>>Versions from 8.4.0(inclusive) to 8.4.3(exclusive)
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>confluence_server>>Versions from 8.5.0(inclusive) to 8.5.2(exclusive)
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.htmlsecurity@atlassian.com
Exploit
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515security@atlassian.com
Vendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276security@atlassian.com
Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-92475security@atlassian.com
Vendor Advisory
Issue Tracking
http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-92475af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Issue Tracking
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22515134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
Source: security@atlassian.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515
Source: security@atlassian.com
Resource:
Vendor Advisory
Hyperlink: https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276
Source: security@atlassian.com
Resource:
Vendor Advisory
Hyperlink: https://jira.atlassian.com/browse/CONFSERVER-92475
Source: security@atlassian.com
Resource:
Vendor Advisory
Issue Tracking
Hyperlink: http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://jira.atlassian.com/browse/CONFSERVER-92475
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Issue Tracking
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22515
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found