CVE-2023-22518 – Improper Authorization Vulnerability In Confluence Data Center and Confluence Server

Summary

An unauthenticated attacker could exploit an improper authorization vulnerability in Confluence Data Center and Server, leading to significant data loss. Immediate action is required: install the high-priority patches to protect affected instances.

Key Takeaways

  • Confluence Data Center and Server are affected by an improper authorization vulnerability.
  • There have been no reports of active exploitation, but immediate action is necessary.
  • All versions of Confluence Data Center and Server are affected.
  • Atlassian rates the severity level of this vulnerability as critical.
  • Atlassian Cloud sites are not affected.
  • Patching to the fixed LTS version or later is recommended.
  • Customers should subscribe to Atlassian’s Alert emails for future notifications.