# Critical Vulnerability in Confluence Data Center and Server CVE-2023-22515

By [Kabeer Saxena](https://www.paloaltonetworks.com/blog/author/kabeer-saxena/?ts=markdown "Posts by Kabeer Saxena"), Nov 17, 2023, 4 minutes. Categories: [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Vulnerability Exposed](https://www.paloaltonetworks.com/blog/category/vulnerability-exposed/?ts=markdown), [Confluence Exploit](https://www.paloaltonetworks.com/blog/tag/confluence-exploit/?ts=markdown)

In the dynamic realm of cybersecurity, certain vulnerabilities capture more attention than others. One such flaw is CVE-2023-22515, which affects Confluence Data Center and Server.
This vulnerability has raised eyebrows across the cybersecurity sector because of the threats it introduces, including unauthorized access and privilege escalation. In this blog post, we break down the specifics of CVE-2023-22515, its consequences, and the best ways to safeguard against it.

## The Heart of the Matter: What Is CVE-2023-22515?

CVE-2023-22515 is a broken access control vulnerability that affects Confluence Data Center and Server. It allows malicious actors to create unauthorized administrator accounts, granting them unrestricted access to the Confluence platform.

### Vulnerability Specs

Atlassian, the developer of Confluence, has acknowledged this vulnerability and categorized it as a broken access control issue. It has emphasized the need for immediate action and recommends that users upgrade to the latest version to safeguard their systems. Atlassian rates the severity of this vulnerability as Critical (CVSS 10).

Affected versions:

* 8.0.0 - 8.0.4
* 8.1.0 - 8.1.4
* 8.2.0 - 8.2.3
* 8.3.0 - 8.3.2
* 8.4.0 - 8.4.2
* 8.5.0 - 8.5.1

Versions prior to 8.0.0 are not affected by this vulnerability. It's also essential to note that [Atlassian Cloud sites are not susceptible to this vulnerability](https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html). If you're using Confluence through an atlassian.net domain, it's hosted directly by Atlassian and protected from this threat.

## Exploitation in the Wild

Because CVE-2023-22515 is an unauthenticated broken access control vulnerability, it can be exploited remotely. Attackers need no credentials to take advantage of it, establish unauthorized administrator accounts and gain access to Confluence instances. Attackers can also manipulate the Confluence server's settings to make it appear that the setup process hasn't been finalized.
From there, attackers can use the /setup/setupadministrator.action endpoint to set up a new admin user. The vulnerability is triggered through a request directed at the unauthenticated /server-info.action endpoint. If a susceptible version of Confluence Data Center and Server is in place, exploitation is direct and uncomplicated: the attacker deceives the Confluence server into thinking its setup hasn't been finalized by dispatching a GET request to the /server-info.action endpoint.

![Dispatching a GET request to the /server-info.action endpoint.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/Screenshot-2023-11-13-at-4.21.19-PM.png)

Figure 1: A GET request is dispatched to the /server-info.action endpoint.

![GET request exploit on the vulnerable /server-info.action endpoint, triggering CVE-2023-22515](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/figure2-cve.png)

Figure 2: GET request exploit on the vulnerable /server-info.action endpoint, triggering CVE-2023-22515.

The attacker can then dispatch a follow-up POST request, supplying the required data to establish an account with administrative privileges.

![Example of the POST request](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/Screenshot-2023-11-13-at-5.04.35-PM.png)

Figure 3: Example of the POST request.

![An example of a POST request used by attackers to create unauthorized admin accounts through CVE-2023-22515](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/CVE-112223.png)

Figure 4: Example of a POST request used by attackers to create unauthorized admin accounts through CVE-2023-22515.

If the request succeeds, the specified user account with administrative rights is created, allowing the attacker to reach the Confluence homepage and manage the dashboard with full administrative permissions.
![The successful creation of an admin account via CVE-2023-22515, granting attackers full access to the Confluence platform](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/word-image-308815-3.png)

Figure 5: The successful creation of an admin account via CVE-2023-22515, granting attackers full access to the Confluence platform.

![Confluence dashboard under the control of an attacker as an admin user following the exploitation of CVE-2023-22515](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/word-image-308815-4.png)

Figure 6: Confluence dashboard under the control of an attacker as an admin user following the exploitation of CVE-2023-22515.

## Steps to Safeguard Your Systems

### Get the Patch

Although it goes without saying, upgrade to the latest version of Confluence Data Center and Server immediately. This is the most effective way to patch the vulnerability.

### Implement Mitigation Strategies

If an immediate upgrade isn't feasible, restrict external network access to the affected instance. Additionally, block access to the `/setup/*` endpoints on Confluence instances.

### Engage in Active Threat Detection

Collaborate with your security team to monitor for indicators of compromise. Look out for unexpected members in the confluence-administrator group or unusual user account creations.

CVE-2023-22515 serves as a reminder of the importance of proactive cybersecurity measures. With the increasing sophistication of cyberthreats, organizations must stay vigilant, regularly update their systems and invest in robust cybersecurity infrastructure. By understanding the nuances of such vulnerabilities and taking timely action, organizations can safeguard their digital assets and maintain trust with their stakeholders.
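As an added, defender-side example (not code from this post, Palo Alto Networks or Atlassian) that ties together the affected-version list and the indicators named under threat detection above: it checks a Confluence version string against the advisory's ranges and hunts an Apache/nginx-style access log for requests to the two endpoints the post names. The log format, the sample lines and the assumption that a legitimate /server-info.action call carries no query string are mine.

```python
import re

# Affected version ranges from the Atlassian advisory, inclusive (major, minor, patch).
AFFECTED_RANGES = [
    ((8, 0, 0), (8, 0, 4)), ((8, 1, 0), (8, 1, 4)), ((8, 2, 0), (8, 2, 3)),
    ((8, 3, 0), (8, 3, 2)), ((8, 4, 0), (8, 4, 2)), ((8, 5, 0), (8, 5, 1)),
]

def parse_version(text):
    """Turn '8.4.1' into (8, 4, 1); missing components default to 0."""
    nums = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected_version(text):
    """True when the version falls inside one of the advisory's ranges."""
    ver = parse_version(text)
    return any(lo <= ver <= hi for lo, hi in AFFECTED_RANGES)

# Assumed log format: Apache/nginx combined log lines from a proxy in front of Confluence.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_request(method, target):
    """Label requests that touch the endpoints named in the post, else None.
    Assumption: a legitimate /server-info.action call carries no query string."""
    path, _, query = target.partition("?")
    if path == "/server-info.action" and query:
        return "/server-info.action called with parameters (setup-state tampering probe)"
    if path == "/setup/setupadministrator.action" and method == "POST":
        return "POST to /setup/setupadministrator.action (admin account creation attempt)"
    if path.startswith("/setup/"):
        return "request to a /setup/ endpoint on an already configured instance"
    return None

def scan_access_log(lines):
    """Return one finding per suspicious request; unparseable lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_request(m["method"], m["target"])
        if label:
            findings.append({"ip": m["ip"], "ts": m["ts"],
                             "status": int(m["status"]), "finding": label})
    return findings

# Constructed sample log: the two-step pattern from 203.0.113.5, two benign requests, one bad line.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Nov/2023:16:21:19 +0000] "GET /server-info.action?param=value HTTP/1.1" 302 0 "-" "curl/8.1"',
    '203.0.113.5 - - [13/Nov/2023:16:21:20 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0 "-" "curl/8.1"',
    '198.51.100.7 - - [13/Nov/2023:16:22:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Nov/2023:16:22:05 +0000] "GET /server-info.action HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print(is_affected_version("8.4.1"), scan_access_log(SAMPLE_LOG))
```

Feed the scanner the proxy log for the window in question; every finding is a lead for an analyst to pair with the group-membership and account-creation checks the post recommends.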
## Learn More

To learn about [Prisma Cloud's latest innovations](https://www.paloaltonetworks.com/prisma/cloud/latest), tune in to our on-demand virtual event, [CNAPP Supercharged: A Radically New Approach to Cloud Security](https://start.paloaltonetworks.com/prisma-cloud-new-innovations-for-the-future-of-cloud-security-webinar-on-demand.html), where we'll show you how to streamline app lifecycle protection. And if you haven't tried Prisma Cloud, take it for a test drive with a free [30-day Prisma Cloud trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial).