CVE-2023-22515
Description
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Severity: CRITICAL
CVE ID: CVE-2023-22515
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVE ID: CVE-2023-22515
CVSS Score: 10.0
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-22515
Reference: Project Discovery GitHub
ErikWynter
Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
Reference: GitHub
j3seer
Poc for CVE-2023-22515
Reference: GitHub
Chocapikk
CVE-2023-22515: Confluence Broken Access Control Exploit
Reference: GitHub
ad-calcium
Confluence unauthorized administrator user creation (CVE-2023-22515) exploit tool
Reference: GitHub
kh4sh3i
CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server
Reference: GitHub
sincere9
Confluence unauthorized administrator user creation exploit script
Reference: GitHub
Le1a
Confluence Data Center & Server privilege escalation vulnerability exploit
Reference: GitHub
Vulnmachines
Confluence Broken Access Control
Reference: GitHub
iveresk
iveresk-CVE-2023-22515
Reference: GitHub
youcannotseemeagain
Confluence admin back-end RCE
Reference: GitHub
DsaHen
Python exploit script for cve-2023-22515
Reference: GitHub
joaoviictorti
CVE-2023-22515 (Confluence Broken Access Control Exploit)
Reference: GitHub
C1ph3rX13
CVE-2023-22515
Reference: GitHub
AIex-3
CVE-2023-22515
Reference: GitHub
LucasPDiniz
Server Broken Access Control in Confluence - CVE-2023-22515
Reference: GitHub
aaaademo
RCE by uploading a JAR package in the admin back end, used together with CVE-2023-22515
Reference: GitHub
edsonjt81
Reference: GitHub
INTfinityConsulting
Confluence broken access control to code execution
Reference: GitHub
CalegariMindSec
A simple exploit for CVE-2023-22515
Reference: GitHub
rxerium
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Reference: GitHub
fyx1t
NSE script for checking the presence of CVE-2023-22515
Reference: GitHub
Content on GitHub
spark1security | watchers:29
n0s1
Secret Scanner for Jira, Confluence, Asana, Wrike and Linear
Reference: GitHub
getdrive | watchers:59
PoC
PoC. Severity critical.
Reference: GitHub