Get a demo
Voyager18 (research)

How to fix CVE-2023-22515 in Confluence

The zero-day CVE-2023-22515 has been discovered in Confluence Server and Data Center. Here's what you need to know.

Orani Amroussi | October 17, 2023

A critical zero-day vulnerability identified as CVE-2023-22515 has emerged, affecting on-premises installations of Confluence Server and Data Center.

This vulnerability poses a significant risk as it could potentially allow malicious actors to escalate their privileges within the system, leading to unauthorized access and control. In this post, we delve into what CVE-2023-22515 is, its impact, its exploitation in the wild, and the steps you can take to secure your Confluence instances from this threat.

What is CVE-2023-22515?

CVE-2023-22515 is a critical vulnerability discovered in on-premises instances of Confluence Server and Confluence Data Center, which could allow attackers to escalate privileges by exploiting broken access control flaws, potentially enabling unauthorized administrator account creations1.

Does it affect me?

If you are using versions 8.0.0 through 8.5.1 of Confluence Server or Data Center, you are affected. However, versions prior to 8.0.0 and Atlassian Cloud sites are not impacted. More information is available in Atlassian’s advisory on this vulnerability.

Has CVE-2023-22515 been actively exploited in the wild?

Yes, there have been reports of exploitation where attackers created unauthorized administrator accounts on vulnerable Confluence instances. This vulnerability has been exploited in user environments1.



Fixing CVE-2023-22515

To mitigate this issue, it is advised to update to a fixed version: 8.3.3, 8.4.3, or 8.5.2 (Long Term Support release) or later. Additionally, restricting external network access and blocking access to the /setup/* endpoints on Confluence instances are recommended until the system is updated.

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. Announcing the Attack Path Graph for end-to-end risk prioritization
  2. Can you trust ChatGPT’s package recommendations?
  3. MITRE ATTACK framework – Mapping techniques to CVEs  
  4. Exploit maturity: an introduction  
  5. IBM’s Cost of a Data Breach report 2023 – what we learned

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy