CVE-2023-22518
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
94.4%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Technical Details
- Published
- 10/31/2023
Frequently Asked Questions
What is CVE-2023-22518?
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Is CVE-2023-22518 actively exploited?
Active exploitation of CVE-2023-22518 has not been confirmed. The EPSS score is 94.4%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2023-22518?
CVE-2023-22518 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2023-22518 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.