Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518


On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Server.

The vulnerability was initially reported to cause data loss. It was eventually revealed that exploiting it allows unauthorized users to reset and create a Confluence instance administrator account, which lets them perform all administrative actions available to these accounts. Furthermore, the company disclosed that a proof-of-concept (PoC) for the vulnerability was leaked to the public on November 2, 2023.

Source: Trend Micro