CVE-2023-22515

ENISA EUVD: EUVD-2023-26655 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 9 articles Published: 2023-10-04
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
94.35%
probability
This CVE has a 94.35% probability of being exploited in the next 30 days.
0% Top 100.0th percentile of all CVEs 100%

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)
10
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Affected Products

Atlassian
Confluence Data Center
< 8.0.0 >= 8.0.0 >= 8.0.1 >= 8.0.2 >= 8.0.3 >= 8.1.3
Atlassian
Confluence Server
< 8.0.0 >= 8.0.0 >= 8.0.1 >= 8.0.2 >= 8.0.3 >= 8.1.3

Attack Intelligence

Google Project Zero

Patched
Oct. 4, 2023
Reported by
???
Root Cause Analysis
???

Exploits & PoC

Chocapikk/CVE-2023-22515

CVE-2023-22515: Confluence Broken Access Control Exploit

151 2025-11-12
ad-calcium/CVE-2023-22515

Confluence未授权添加管理员用户(CVE-2023-22515)漏洞利用工具

110 2023-10-16
ErikWynter/CVE-2023-22515-Scan

Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence

78 2023-10-06
AIex-3/confluence-hack

CVE-2023-22515

52 2023-11-10
K4ptor/CVE-2023-22515

Confluence Unauthorized Administrator User Addition Exploitation Script

25 2026-03-26
aaaademo/Confluence-EvilJar

配合 CVE-2023-22515 后台上传jar包实现RCE

23 2023-11-09
youcannotseemeagain/CVE-2023-22515_RCE

Confluence后台rce

20 2023-10-20
j3seer/CVE-2023-22515-POC

Poc for CVE-2023-22515

8 2023-10-10
Le1a/CVE-2023-22515

Confluence Data Center & Server 权限提升漏洞 Exploit

6 2023-10-13
kh4sh3i/CVE-2023-22515

CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server

5 2026-03-26
spareack/CVE-2023-22515-NSE

Vulnerability checking tool via Nmap Scripting Engine

4 2024-11-19
Vulnmachines/confluence-cve-2023-22515

Confluence Broken Access Control

3 2023-10-13
LucasPDiniz/CVE-2023-22515

Server Broken Access Control in Confluence - CVE-2023-22515

2 2024-06-30
fyx1t/NSE--CVE-2023-22515

NSE script for checking the presence of CVE-2023-22515

2 2024-04-26
iveresk/CVE-2023-22515

iveresk-CVE-2023-22515

1 2023-10-13
C1ph3rX13/CVE-2023-22515

CVE-2023-22515

1 2023-12-12
rxerium/CVE-2023-22515

Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

1 2025-10-14
Arkha-Corvus/LetsDefend-SOC235-Atlassian-Confluence-Broken-Access-Control-0-Day-CVE-2023-22515-EventID-197

I was presented with a high-severity alert indicating a potential exploit attempt of CVE-2023-22515, a zero-day vulnerability in Atlassian Confluence.

1 2025-10-24
DsaHen/cve-2023-22515-exp

cve-2023-22515的python利用脚本

0 2023-10-21
edsonjt81/CVE-2023-22515-Scan.
0 2024-05-21
INTfinityConsulting/cve-2023-22515

Confluence broken access control to code execution

0 2023-11-30
s1d6point7bugcrowd/CVE-2023-22515-check

This script will inform the user if the Confluence instance is vulnerable, but it will not proceed with the exploitation steps.

0 2024-06-20
xorbbo/cve-2023-22515

NSE script to check if app is vulnerable to cve-2023-22515

0 2024-06-08
Onedy1703/CVE-2023-22515-Confluence

CVE 2023-22515

0 2026-01-12
vivigotnotime/CVE-2023-22515-Exploit-Script
0 2025-02-24
tranphuc2005/CVE-2023-22515
0 2025-09-06
CyberSentinel321/cve-2023-22515-lab

Hands-on security lab demonstrating CVE-2023-22515 — Atlassian Confluence Authentication Bypass using a simulated vulnerable environment.

0 2025-11-21
dkq-k/CVE-2023-22515
0 2026-01-16
dkq-k/cve-2023-22515-1
0 2026-01-16
29 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 94.35%
CVSS v3.0 10
Mentions 9
Last Seen Feb 25, 2025

CNA Information

CNA Assigner
atlassian

Analyst Note

CVE-2023-22515 is a critical zero-day vulnerability (CVSS 10.0) in Confluence Data Center/Server that enables unauthorized admin account creation, confirmed by Atlassian and reported by Google Project Zero. The vulnerability affects publicly accessible instances with real-world exploitation evidence, though CISA KEV listing and broader coverage remain limited.

Threat Actors 18

MuddyWater
apt_group Information theft and espionage 🇮🇷 IR
Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
Cobalt
apt_group Financial crime 🇷🇺 RU
APT37
apt_group Information theft and espionage 🇰🇵 KP
APT 28
apt_group Information theft and espionage 🇷🇺 RU
Kimsuky
apt_group Information theft and espionage 🇰🇷 KR
CHRYSENE
apt_group Information theft and espionage 🇮🇷 IR
Hacking Team
apt_group 🇮🇹 IT
Tick
apt_group Information theft and espionage 🇨🇳 CN
UAC-0020
apt_group 🇺🇦 UA
SideWinder
apt_group 🇮🇳 IN
RAZOR TIGER
apt_group Information theft and espionage 🇮🇳 IN
Larva-208
apt_group 🇷🇺 RU
Storm-0530
apt_group 🇰🇵 KP
Moonstone Sleet
apt_group 🇰🇷 KR
Storm-0062
apt_group 🇨🇳 CN
Ukrainian Cyber Alliance
apt_group 🇺🇦 UA
Operation Black Atlas
apt_group Financial crime

Triage Info

Decided atMar 03, 2026
Published DateOct 04, 2023