A critical vulnerability, tracked as CVE-2023-22515, has been discovered in on-premise installations of Confluence Server and Confluence Data Center. This vulnerability, categorized as a critical privilege escalation flaw (CVSS score – 10), is being actively exploited. Atlassian has not disclosed the specific origin of the vulnerability within Confluence setups, but it has noted that "/setup/*" endpoints are indicators of compromise.
If successful, an attacker could establish Confluence administrator accounts and gain access to Confluence instances. Atlassian has confirmed that this vulnerability does not affect cloud instances (Confluence sites accessed via atlassian.net domains). Given the active exploitation in user environments, Atlassian strongly advises on-premise Confluence Server and Data Center users to promptly update to a patched version.
Also, Atlassian’s advisory states that instances accessible on the public internet are especially vulnerable, as this vulnerability can be exploited without authentication. Please see the impacted Confluence Data Center and Server versions:
While Atlassian does offer mitigations for CVE-2023-22515, it is strongly recommended that users upgrade to the fixed versions of Confluence Data Center and Confluence Server as soon as possible. Please note that versions prior to 8.0.0 are not affected by this vulnerability.
According to Atlassian, here are the fixed versions of Confluence Data Center and Confluence Server:
For affected versions, Atlassian strongly recommends:
INDICATORS OF COMPROMISE (IoCs)
Atlassian has listed the following IoCs that can help organizations determine if they have been impacted by CVE-2023-22515: