Atlassian - RCE (CVE-2023-22515)
7644Exploiting IPs reported
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CrowdSec analysis
CVE-2023-22515 is a critical vulnerability in Atlassian Confluence Data Center and Server that allows remote attackers to create unauthorized administrator accounts, potentially granting full control over affected Confluence instances.
CrowdSec has been tracking this vulnerability and its exploits since 6th of October 2023.
CrowdSec network data shows that most actors exploiting CVE-2023-22515 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2023-22515 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2023-22515 is currently experiencing high visibility and active exploitation across the internet.
Attack patterns are focused on identifying and exploiting publicly accessible instances, rather than those hosted under the atlassian.net domain.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.