All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attack
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but…
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Confluence Data Center | < 1.0.0, >= 1.0.0, >= 7.19.16, >= 8.3.4, >= 8.4.4, >= 8.5.3, >= 8.6.1 |
| Atlassian | Confluence Server | < 1.0.0, >= 1.0.0, >= 7.19.16, >= 8.3.4, >= 8.4.4, >= 8.5.3, >= 8.6.1 |
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection: