Atlassian has been made aware of an issue reported by a few customers: external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Severity

Atlassian rates the severity level of this vulnerability as Critical CVSS 10, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is our assessment, and you should evaluate its applicability to your own IT environment.

CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server

...

Publicly accessible Confluence Data Center and Server versions as listed below are at critical risk and require immediate attention. See ‘What You Need to Do’ for detailed instructions.

...