October 16, 2023

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

October 16, 2023

What we know so far

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory about the critical CVE-2023-22515 vulnerability affecting certain versions of Atlassian Confluence Data Center and Server. This vulnerability allows malicious actors to create unauthorized administrator accounts, potentially compromising Confluence instances. It has been actively exploited by nation-state threat actors, posing a significant threat. Organizations are strongly urged to apply Atlassian's provided upgrades and conduct network security checks for signs of compromise. The ease of exploitation makes continued widespread attacks likely.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories