Source: www.upguard.com
Atlassian Confluence Zero-Day Vulnerability: What Is CVE-2023-25515? | UpGu
Atlassian's Confluence Data Center and Confluence Server are currently facing zero-day vulnerability attacks due to CVE-2023-22515. CVE-2023-22515 reflects two types of vulnerabilities in on-premises instances of Confluence Data Center and Server: privilege escalation and broken access control.
Broken access control means that there is a flaw or vulnerability in the restriction and authentication setup for company data. With this vulnerability in Confluence Data Center and Confluence Server, hackers can create unauthorized Confluence administrator accounts and access Confluence instances.
The following Confluence Data Center and Confluence Server versions: 8.3.3 or later 8.4.3 or later 8.5.2 (Long Term Support release) or later
Broken access control means that there is a flaw or vulnerability in the restriction and authentication setup for company data. With this vulnerability in Confluence Data Center and Confluence Server, hackers can create unauthorized Confluence administrator accounts and access Confluence instances.
The following Confluence Data Center and Confluence Server versions: 8.3.3 or later 8.4.3 or later 8.5.2 (Long Term Support release) or later
Related Articles
Community Partners
DevOps Careers