CVE-2023-22515

2023-10-0414:00:00

atlassian

github.com

atlassian

unauthorized access

vulnerability

confluence data center

confluence server

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.973

Percentile

99.9%

SSVC

Exploitation

active

Automatable

yes

Technical Impact

total

JSON

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
    ],
    "vendor": "atlassian",
    "product": "confluence_data_center",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0",
        "lessThan": "8.3.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
    ],
    "vendor": "atlassian",
    "product": "confluence_data_center",
    "versions": [
      {
        "status": "affected",
        "version": "8.4.0",
        "lessThan": "8.4.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
    ],
    "vendor": "atlassian",
    "product": "confluence_data_center",
    "versions": [
      {
        "status": "affected",
        "version": "8.5.0",
        "lessThan": "8.5.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "atlassian",
    "product": "confluence_server",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0",
        "lessThan": "8.3.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "atlassian",
    "product": "confluence_server",
    "versions": [
      {
        "status": "affected",
        "version": "8.4.0",
        "lessThan": "8.4.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "atlassian",
    "product": "confluence_server",
    "versions": [
      {
        "status": "affected",
        "version": "8.5.0",
        "lessThan": "8.5.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]