CVE-2023-22518
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Nov 7, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Atlassian / Confluence Data Center and Server
Vulnerability
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Added to KEV
Nov 7, 2023
Remediate by
Nov 28, 2023
Known ransomware use
Yes
Summary description
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22518