Atlassian Confluence - RCE (CVE-2023-22515)
8849Exploiting IPs reported
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CrowdSec analysis
CVE-2023-22515 is a critical vulnerability in Atlassian Confluence Data Center and Server that allows remote attackers to create unauthorized administrator accounts, potentially granting full control over affected Confluence instances.
CrowdSec has been tracking this vulnerability and its exploits since 6th of October 2023.
CrowdSec network data shows that most actors exploiting CVE-2023-22515 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2023-22515. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.
Attack patterns are focused on identifying and exploiting publicly accessible instances, rather than those hosted under the atlassian.net domain.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.