Atlassian - RCE (CVE-2023-22515)
8177Exploiting IPs reported
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CrowdSec analysis
CVE-2023-22515 is a critical vulnerability in Atlassian Confluence Data Center and Server that allows remote attackers to create unauthorized administrator accounts, potentially granting full control over affected Confluence instances.
CrowdSec has been tracking this vulnerability and its exploits since 6th of October 2023.
CrowdSec network data shows that most actors exploiting CVE-2023-22515 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. CrowdSec network telemetry also shows that exploitation of CVE-2023-22515 has significantly declined over the past week. Attack volumes are well below the long-term average, suggesting attackers are rapidly losing interest. The vulnerability appears to be falling out of active use across most threat landscapes.
Attack patterns are focused on identifying and exploiting publicly accessible instances, rather than those hosted under the atlassian.net domain.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.