CVE-2023-22515

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability

Entry Details

Vulnerability ID

CVE-2023-22515

Status

Confirmed

Exploited

Yes

Status Updated At

2023-10-05 00:00 UTC

Timestamps

First Seen At

2023-10-05

Asserted At

2023-10-05

Scope

Notes

KEV entry: Atlassian Confluence Data Center and Server Broken Access Control Vulnerability | Affected: Atlassian / Confluence Data Center and Server | Description: Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA. | Due date: 2023-10-13 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22515

References

{'id': 'CVE-2023-22515', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22515'}

Entry UUID

a260f746-e5fe-4395-a245-6cfc975d33c2

Catalog Origin UUID

405284c2-e461-4670-8979-7fd2c9755a60

Created

2026-02-02 13:24 UTC

Last Updated

2026-02-06 07:53 UTC

Evidence (1)

Type Source Signal Confidence Details GCVE Metadata

Type	Source	Signal	Confidence	Details	GCVE Metadata
vendor_report	cisa-kev	successful_exploitation	0.80	View details `{ "cwes": [], "date_added": "2023-10-05", "due_date": "2023-10-13", "feed": "CISA Known Exploited Vulnerabilities Catalog", "knownRansomwareCampaignUse": "Known", "product": "Confluence Data Center and Server", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Data Center and Server Broken Access Control Vulnerability" }`	-

vendor_report

cisa-kev

successful_exploitation

0.80

View details

{
  "cwes": [],
  "date_added": "2023-10-05",
  "due_date": "2023-10-13",
  "feed": "CISA Known Exploited Vulnerabilities Catalog",
  "knownRansomwareCampaignUse": "Known",
  "product": "Confluence Data Center and Server",
  "vendorProject": "Atlassian",
  "vulnerabilityName": "Atlassian Confluence Data Center and Server Broken Access Control Vulnerability"
}

Export Options

JSON Object JSON API View Full Catalog