CVE-2023-22515: Atlassian Confluence Data Center and Server Broken Access

Atlassian Confluence Data Center and Server Broken Access Control Vulnerability. Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.

• CISA KEV-listed (remediation due 2023-10-13)
• used in ransomware campaigns
• EPSS 94.3% (100.0% percentile)

Related briefings

• Microsoft Exposes Onyx Sleet's Expanding Malware Arsenal Targeting Aerospace and Defense Organizations 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions