CVE-2023-22515

CVSS 10 (Critical) | EPSS 99.2% | KEV listed | CWE-20
In short

A critical vulnerability in Confluence Data Center and Server allows attackers to create unauthorized administrator accounts on publicly exposed instances, giving them full control over the system.

Technical detail

An improper input validation vulnerability (CWE-20) in Confluence Data Center and Server enables unauthenticated remote attackers to create malicious administrator accounts via a publicly accessible instance, bypassing authentication controls and leading to complete system compromise. Confluence Cloud instances are not affected.

Summary generated and translated by AI from the official description.

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Public PoCs found: 30
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
