Atlassian Confluence Server - Improper Authorization CVE-2023-22518
- CVSSv3 Score
- Vulnerability description
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.\n
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.
We recommend you to upgrade the affected software to the latest version, which mitigates this vulnerability.
- Not available