🔐 CVE Alert

CVE-2023-22518

Severity: CRITICAL 10.0 (listed in CISA KEV, actively exploited)
CVSS Score: 10.0
EPSS Score: 0.0%
EPSS Percentile: 0th

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to a Confluence instance administrator, leading to, but not limited to, full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Vendor: Atlassian
Product: Confluence Data Center
Ecosystems: -
Industries: Technology, Enterprise
Published: Oct 31, 2023
Last Updated: Oct 21, 2025

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Changed (S:C)
Confidentiality Impact: High (C:H)
Integrity Impact: High (I:H)
Availability Impact: High (A:H)

Affected Versions

Atlassian / Confluence Data Center: >= 1.0.0
Atlassian / Confluence Server: >= 1.0.0

References

confluence.atlassian.com: https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907
jira.atlassian.com: https://jira.atlassian.com/browse/CONFSERVER-93142
packetstormsecurity.com: http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22518
