CVE-2023-22515
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
CVSS
—
Sin CVSS
EPSS
99.2%
p100
KEV
SÍ
5 oct 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Atlassian / Confluence Data Center and Server
Vulnerabilidad
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Añadido a KEV
5 oct 2023
Remediar antes de
13 oct 2023
Uso conocido en ransomware
Sí
Descripción resumida
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.
Notas
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22515