Detections
Analytics
CVE-2023-22515
critical
Description
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
From the Tenable Blog
CVE-2023-22515: Zero-Day Vulnerability in Atlassian Confluence Data Center and Server Exploited in the Wild
Published: 2023-10-04
A critical zero-day vulnerability in Atlassian Confluence Data Center and Server has been exploited in the wild in a limited number of cases. Organizations should patch or apply the mitigation steps as soon as possible.
References
https://www.security.com/threat-intelligence/ransomware-trends-2025
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial
https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html?&web_view=true
Details
Published: 2023-10-04
Updated: 2025-02-09
Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.94365
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest