This Cybersecurity Threat Advisory highlights a recently discovered security flaw in Atlassian’s Confluence Data Center and Server that could result in significant data loss if exploited. Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. Atlassian describes it as an “improper authorization vulnerability.”
What is the exposure or risk?
All versions of Confluence Data Center and Server are at risk of being affected by this vulnerability. Because Confluence sites are only accessible via an atlassian.net domain, there is no impact to confidentiality, as attackers are unable to exfiltrate data from that domain. Versions outside of the support window, including those that have reached the end of their service life (End of Life, when manufacturers no longer support that type of hardware), may also be affected.