Critical Vulnerability in Atlassian Confluence Data Center and Server

Published on 01 Nov 2023

Atlassian has released security updates to address a critical vulnerability (CVE-2023-22518) in their Confluence Data Center and Server products.

Successful exploitation of the improper authorisation vulnerability by an unauthenticated attacker could lead to significant data loss.

The vulnerability affects all versions of the Atlassian Confluence Data Center and Server products prior to the fixed versions listed below:

  • 7.19.16 or later
  • 8.3.4 or later
  • 8.4.4 or later
  • 8.5.3 or later
  • 8.6.1 or later

Users and administrators of affected product versions are advised to update to the latest versions immediately.
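The following is an added example, not part of the original advisory or any Atlassian tooling: a release-line-aware check of installed Confluence versions against the fixed versions listed above. A plain "greater than 7.19.16" comparison would wrongly mark a release such as 8.2.3 as fixed. It assumes that each listed version is the fix for its own major.minor release line and that release lines newer than 8.6 include the fix; the hostnames and inventory are constructed.

```python
import re

# Fixed releases from this advisory, keyed by (major, minor) release line.
FIXED_PATCH = {(7, 19): 16, (8, 3): 4, (8, 4): 4, (8, 5): 3, (8, 6): 1}
NEWEST_LISTED_LINE = max(FIXED_PATCH)  # (8, 6)

def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple of ints; raise ValueError otherwise."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(version):
    """True if the version predates the fix for CVE-2023-22518."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_PATCH:
        return patch < FIXED_PATCH[line]
    # Assumption: a release line with no listed fix is affected unless it is
    # newer than the newest listed line (8.6), e.g. 7.20.x and 8.2.x are affected.
    return line < NEWEST_LISTED_LINE

def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown' (needs manual review)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "7.19.16",
    "wiki-b.example.internal": "8.2.3",
    "wiki-c.example.internal": "8.5.2",
    "wiki-d.example.internal": "8.7.1",
    "wiki-e.example.internal": "unknown-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:14} {status}")
```

Hosts reported as "unknown" have a version string the parser does not recognise and should be checked by hand.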

If immediate patching is not possible, users and administrators of affected product versions are advised to apply the following mitigating measures as a temporary solution:

More information is available here:

https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-confluence-server-1311473907.html

https://nvd.nist.gov/vuln/detail/CVE-2023-22518