Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2023-10-04T14:00:00.820Z
Updated: 2024-09-13T18:13:18.030Z
Reserved: 2023-01-01T00:01:22.331Z
Link: CVE-2023-22515
Vulnrichment
Updated: 2024-08-02T10:13:48.693Z
NVD
Status : Modified
Published: 2023-10-04T14:15:10.440
Modified: 2024-11-21T07:44:57.830
Link: CVE-2023-22515
Redhat
No data.