Atlassian Security Update – 31 October 2023

Atlassian has released a security update to address a critical vulnerability affecting all versions of Confluence Data Center and Confluence Server.

The vulnerability could allow an unauthenticated remote attacker to cause significant data loss on a vulnerable Confluence Data Center or Server instance. There is no impact on confidentiality, as the attacker cannot exfiltrate any instance data.

Improper Authorization Vulnerability in Confluence Data Center and Confluence Server (CVE-2023-22518):

  • CVSS: 9.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via the “atlassian.net” domain, it is hosted by Atlassian and is not vulnerable.

Vulnerabilities

CVE-2023-22518

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Atlassian Security Update
