
CVE-2023-22515

Description

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-22515
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Atlassian
Severity: CRITICAL
CVE ID: CVE-2023-22515
CVSS Score: 10.0
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-22515
ErikWynter

Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence

Reference: GitHub

j3seer

PoC for CVE-2023-22515

Reference: GitHub

Chocapikk

CVE-2023-22515: Confluence Broken Access Control Exploit

Reference: GitHub

ad-calcium

Confluence unauthorized administrator user creation (CVE-2023-22515) exploitation tool

Reference: GitHub

kh4sh3i

CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server

Reference: GitHub

sincere9

Confluence unauthorized administrator user creation vulnerability exploit script

Reference: GitHub

Le1a

Confluence Data Center & Server privilege escalation vulnerability exploit

Reference: GitHub

Vulnmachines

Confluence Broken Access Control

Reference: GitHub

iveresk

iveresk-CVE-2023-22515

Reference: GitHub

youcannotseemeagain

Confluence admin backend RCE

Reference: GitHub

DsaHen

Python exploit script for CVE-2023-22515

Reference: GitHub

joaoviictorti

CVE-2023-22515 (Confluence Broken Access Control Exploit)

Reference: GitHub

C1ph3rX13

CVE-2023-22515

Reference: GitHub

AIex-3

CVE-2023-22515

Reference: GitHub

LucasPDiniz

Server Broken Access Control in Confluence - CVE-2023-22515

Reference: GitHub

aaaademo

Achieves RCE by uploading a JAR package through the admin backend, in combination with CVE-2023-22515

Reference: GitHub

edsonjt81

Reference: GitHub

INTfinityConsulting

Confluence broken access control to code execution

Reference: GitHub

CalegariMindSec

A simple exploit for CVE-2023-22515

Reference: GitHub

rxerium

Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

Reference: GitHub

fyx1t

NSE script for checking the presence of CVE-2023-22515

Reference: GitHub

Content on GitHub

spark1security | watchers:29

n0s1
Secret Scanner for Jira, Confluence, Asana, Wrike and Linear

Reference: GitHub

getdrive | watchers:59

PoC
PoC. Severity critical.

Reference: GitHub