Denial of Service Vulnerability in Confluence Data Center and Server by Atlassian
CVE-2023-22512

7.5 HIGH

Key Information:

Vendor: Atlassian
CVE Published: 16 January 2024

What is CVE-2023-22512?

A vulnerability in Confluence Data Center and Server allows an unauthenticated attacker to make the service unavailable to legitimate users, which can significantly disrupt operations. The issue affects versions starting from 5.6.0, can be exploited without user interaction, and primarily affects availability. Organizations are urged to upgrade to a supported fixed version to mitigate the risk. The latest versions and patches are available for download on Atlassian's website.

Affected Version(s)

Confluence Data Center >= 5.6.0 < 5.6.0

Confluence Server >= 5.6.0 < 5.6.0

Confluence Data Center < 5.6.0 < 5.6.0

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
