Lucene search

K
cvelistAtlassianCVELIST:CVE-2023-22515
HistoryOct 04, 2023 - 2:00 p.m.

CVE-2023-22515

2023-10-0414:00:00
atlassian
www.cve.org
6
atlassian
external attackers
exploited vulnerability
confluence instances
unauthorized access

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.973

Percentile

99.9%

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

CNA Affected

[
  {
    "vendor": "Atlassian",
    "product": "Confluence Data Center",
    "versions": [
      {
        "version": "< 8.0.0",
        "status": "unaffected"
      },
      {
        "version": ">= 8.0.0",
        "status": "affected"
      },
      {
        "version": ">= 8.0.1",
        "status": "affected"
      },
      {
        "version": ">= 8.0.2",
        "status": "affected"
      },
      {
        "version": ">= 8.0.3",
        "status": "affected"
      },
      {
        "version": ">= 8.1.3",
        "status": "affected"
      },
      {
        "version": ">= 8.1.4",
        "status": "affected"
      },
      {
        "version": ">= 8.2.0",
        "status": "affected"
      },
      {
        "version": ">= 8.2.1",
        "status": "affected"
      },
      {
        "version": ">= 8.2.2",
        "status": "affected"
      },
      {
        "version": ">= 8.2.3",
        "status": "affected"
      },
      {
        "version": ">= 8.3.0",
        "status": "affected"
      },
      {
        "version": ">= 8.3.1",
        "status": "affected"
      },
      {
        "version": ">= 8.3.2",
        "status": "affected"
      },
      {
        "version": ">= 8.4.0",
        "status": "affected"
      },
      {
        "version": ">= 8.4.1",
        "status": "affected"
      },
      {
        "version": ">= 8.4.2",
        "status": "affected"
      },
      {
        "version": ">= 8.5.0",
        "status": "affected"
      },
      {
        "version": ">= 8.5.1",
        "status": "affected"
      },
      {
        "version": ">= 8.3.3",
        "status": "unaffected"
      },
      {
        "version": ">= 8.4.3",
        "status": "unaffected"
      },
      {
        "version": ">= 8.5.2",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Atlassian",
    "product": "Confluence Server",
    "versions": [
      {
        "version": "< 8.0.0",
        "status": "unaffected"
      },
      {
        "version": ">= 8.0.0",
        "status": "affected"
      },
      {
        "version": ">= 8.0.1",
        "status": "affected"
      },
      {
        "version": ">= 8.0.2",
        "status": "affected"
      },
      {
        "version": ">= 8.0.3",
        "status": "affected"
      },
      {
        "version": ">= 8.1.3",
        "status": "affected"
      },
      {
        "version": ">= 8.1.4",
        "status": "affected"
      },
      {
        "version": ">= 8.2.0",
        "status": "affected"
      },
      {
        "version": ">= 8.2.1",
        "status": "affected"
      },
      {
        "version": ">= 8.2.2",
        "status": "affected"
      },
      {
        "version": ">= 8.2.3",
        "status": "affected"
      },
      {
        "version": ">= 8.3.0",
        "status": "affected"
      },
      {
        "version": ">= 8.3.1",
        "status": "affected"
      },
      {
        "version": ">= 8.3.2",
        "status": "affected"
      },
      {
        "version": ">= 8.4.0",
        "status": "affected"
      },
      {
        "version": ">= 8.4.1",
        "status": "affected"
      },
      {
        "version": ">= 8.4.2",
        "status": "affected"
      },
      {
        "version": ">= 8.5.0",
        "status": "affected"
      },
      {
        "version": ">= 8.5.1",
        "status": "affected"
      },
      {
        "version": ">= 8.3.3",
        "status": "unaffected"
      },
      {
        "version": ">= 8.4.3",
        "status": "unaffected"
      },
      {
        "version": ">= 8.5.2",
        "status": "unaffected"
      }
    ]
  }
]

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.973

Percentile

99.9%