CVE-2023-22515

NVD Published Date: October 04, 2023 at 02:15 PM
NVD Last Modified: February 16, 2024 at 05:52 PM
Vulnerability ID: CVE-2023-22515
Severity: CRITICAL
Severity Score: 9.8
Summary
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Mitigation and Patches: -
Exploits

https://github.com/Chocapikk/CVE-2023-22515

https://github.com/ad-calcium/CVE-2023-22515

https://github.com/ErikWynter/CVE-2023-22515-Scan

https://github.com/AIex-3/confluence-hack

https://github.com/sincere9/CVE-2023-22515

https://github.com/youcannotseemeagain/CVE-2023-22515_RCE

https://github.com/aaaademo/Confluence-EvilJar

https://github.com/j3seer/CVE-2023-22515-POC

https://github.com/Le1a/CVE-2023-22515

https://github.com/kh4sh3i/CVE-2023-22515

https://github.com/joaoviictorti/CVE-2023-22515

https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html


https://www.cisa.gov/known-exploited-vulnerabilities-catalog


https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22515.rb

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/atlassian_confluence_auth_bypass.rb


http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html


Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID: NVD-CWE-noinfo
