Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit

Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.

A critical privilege-escalation vulnerability in Atlassian Confluence Server and Confluence Data Center has been disclosed, with evidence of exploitation in the wild as a zero-day bug.
The flaw (CVE-2023-22515) affects on-premises instances of the platforms, in versions 8.0.0 and after.
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances, according to
Atlassians advisory on CVE-2023-22515
, released late on Oct. 4.
Atlassian didnt provide a CVSSv3 score, but according to its
internal severity level ratings
, the score would be in the range of 9 to 10.
The stakes are high. Many organizations use Confluence for project management and collaboration among teams scattered across on-premises and remote locations. Often Confluence environments can house sensitive data on both internal projects as well as its customers and partners.
The critical designation is a fairly rare one for privilege escalation issues, Rapid7 researcher Caitlin Condon pointed out in an
alert on the Confluence bug
.
However, the Atlassian advisory goes on to note that instances on the public Internet are particularly at risk, as this vulnerability is exploitable anonymously, indicating that its remotely exploitable, she explained — a rare situation. She noted that the critical rating is typically more consistent with an authentication bypass or remote code-execution chain than a privilege-escalation issue by itself.
However, Condon added, Its possible that the vulnerability could allow a regular user account to elevate to admin — notably, Confluence allows for new user sign-ups with no approval, but this feature is disabled by default.
Atlassian has issued a patch; fixed versions are: 8.3.3 or later; 8.4.3 or later; and 8.5.2 (Long Term Support release) or later.
As far as other protection options, Atlassian doesnt specify where the bug resides or any other technical details, though it does note that known attack vectors can be mitigated by blocking access to the /setup/* endpoints on Confluence instances, which is a good indicator of where the problem resides.
Admins should restrict external network access to vulnerable systems until they can be upgraded, and Atlassian recommends checking all affected Confluence instances for the indicators of compromise (IoCs) listed in the advisory.
Patching should be top-of-mind; Atlassian is
a known target for cyberattackers
, as evidenced by the current zero-day exploitation, but theres also further precedent. In June 2022,
Atlassian disclosed another critical zero-day vulnerability
affecting Confluence Server and Data Center (CVE-2022-26134), this one a more typical remote code execution vulnerability. Proof-of-concept scripts and mass exploitation quickly followed the disclosure,
peaking at 100,000 exploitation attempts daily
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit