Atlassian's Confluence Data Center and Confluence Server are currently under attack through a zero-day vulnerability, CVE-2023-22515. CVE-2023-22515 covers two types of vulnerability in on-premises instances of Confluence Data Center and Server: privilege escalation and broken access control.
Broken access control means that there is a flaw in the restrictions and authentication that are meant to protect company data. With this vulnerability in Confluence Data Center and Confluence Server, hackers can create unauthorized Confluence administrator accounts and access Confluence instances.
The following Confluence Data Center and Confluence Server versions:
- 8.3.3 or later
- 8.4.3 or later
- 8.5.2 (Long Term Support release) or later