CVE-2023-22515: Atlassian Confluence Privilege Escalation

Score: 10
CRITICAL
Published: 2023-10-04
Affected: Confluence Data Center/Server 8.0.0-8.5.1
CWE-269

Can Confluence be compromised by unauthenticated attackers?

CVE-2023-22515 is a broken access control vulnerability in Atlassian Confluence that allows unauthenticated attackers to create administrator accounts through the server setup process. It is reachable via crafted HTTP requests to exposed Confluence instances.

Impact & Exploitation

CVSS 10.0. The vulnerability has been exploited by the Chinese APT Storm-0062. It enables complete Confluence takeover, access to all documentation, and potential supply chain compromise through CI/CD integration.
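
A defender-side check for the setup-process abuse described above, as an added example that is not part of the original report: it scans web access-log lines for requests to Confluence setup actions, which should not appear on an instance that has finished setup. The `/setup/*.action` pattern (taken from Atlassian's published detection guidance, not from this page), the combined access-log layout and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: common/combined access-log layout (client IP, timestamp, request line, status).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: setup-wizard actions match /setup/*.action, with or without a context path.
SETUP_RE = re.compile(r'/setup/[^/]+\.action$', re.IGNORECASE)

def normalize_path(target):
    """Drop the query string, percent-decode once, strip ;params, collapse slashes."""
    path = unquote(target.split('?', 1)[0])
    path = re.sub(r';[^/]*', '', path)
    return re.sub(r'/{2,}', '/', path)

def find_setup_requests(lines):
    """Return one record per log line whose normalized path is a setup action."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if SETUP_RE.search(normalize_path(m['target'])):
            hits.append({'ip': m['ip'], 'ts': m['ts'], 'method': m['method'],
                         'target': m['target'], 'status': int(m['status'])})
    return hits

def summarize(hits):
    """Per source IP: total setup requests and how many were not rejected (status < 400)."""
    per_ip = defaultdict(lambda: {'requests': 0, 'not_blocked': 0})
    for h in hits:
        per_ip[h['ip']]['requests'] += 1
        per_ip[h['ip']]['not_blocked'] += h['status'] < 400
    return dict(per_ip)

# Constructed sample lines (documentation IP ranges, placeholder action name).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Oct/2023:10:01:12 +0000] "GET /login.action HTTP/1.1" 200 5120',
    '198.51.100.23 - - [05/Oct/2023:10:02:40 +0000] "GET /setup/example.action HTTP/1.1" 403 312',
    '198.51.100.23 - - [05/Oct/2023:10:02:44 +0000] "POST /wiki/setup/example.action;jsessionid=ABC?x=1 HTTP/1.1" 200 8342',
    '192.0.2.50 - - [05/Oct/2023:10:05:01 +0000] "GET /%73etup/example.action HTTP/1.1" 302 0',
    '203.0.113.7 - - [05/Oct/2023:10:06:30 +0000] "GET /display/DOC/setup-guide HTTP/1.1" 200 9911',
    'truncated or malformed line',
]

if __name__ == '__main__':
    for ip, stats in summarize(find_setup_requests(SAMPLE_LOG)).items():
        print(f"{ip}: {stats['requests']} setup request(s), {stats['not_blocked']} not blocked")
```

Any hit on an instance that completed setup long ago is worth reviewing alongside the list of administrator accounts; a status below 400 means the request was not rejected before reaching the application.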


Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.
