CVE-2023-22518

Published Oct 31, 2023

Last updated 7 months ago

Exploit knownCVSS critical 9.8
web application

Overview

Description
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Source
security@atlassian.com
NVD status
Analyzed
Products
confluence_data_center, confluence_server

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

CVSS 3.0

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Exploit added on
Nov 7, 2023
Exploit action due
Nov 28, 2023
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-863
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-863

Social media

Hype score
Not currently trending

  1. CVE-2023-22518: Atlassian Confluence Data Center and Server Improper Authorization Vulnerability ✉️ ☕ #Zukunft #Automation #Robotik https://t.co/jbq2jDjikb

    @CanerKara1903

    22 Dec 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #Sandworm Timeline: 2021-2022: WatchGuard exploitation (CVE-2022-26318) detected by Amazon MadPot; misconfigured device targeting observed 2022-2023: Confluence vulnerability exploitation (CVE-2021-26084, CVE-2023-22518); continued misconfigured device targeting 2024: Veeam https

    @blackorbird

    17 Dec 2025

    2385 Impressions

    5 Retweets

    12 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  3. GitHub - ductink98lhp/analyze-Exploit-CVE-2023-22518-Confluence https://t.co/nBQNV8te3q

    @akaclandestine

    5 May 2025

    1000 Impressions

    2 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function VulnerabilityCVE-2026-41940
  2. Apache ActiveMQ Improper Input Validation VulnerabilityCVE-2026-34197
  3. The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.CVE-2026-2020
  4. An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.CVE-2026-24663
  5. Google Chromium CSS Use-After-Free VulnerabilityCVE-2026-2441

References

Sources include official advisories and independent security research.