Vulnerabilities

CVE-2023-22518 Confluence Data Center and Confluence Server - Improper Authorization Vulnerability

This advisory is for organizations that use Atlassian's on-premises Confluence Data Center and Confluence Server. If your organization does not use this platform, this notification may be discarded.

Summary

Atlassian has issued patches for a vulnerability affecting Confluence Data Center and Confluence Server. Atlassian has described this as an improper authorization vulnerability accessible from the public internet but has not released additional details. This affects all versions of Confluence Data Center and Server prior to the patched versions listed below. Atlassian Cloud sites are NOT affected by this vulnerability.

Atlassian stresses that they have not seen exploits for this vulnerability in the wild yet but urges clients to prioritize patching their on-premises instances.

CVE-2023-22518 - Improper Authorization Vulnerability in Confluence Data Center and Server

CVSSv3: 9.1

Affected Products/Versions

Product                              Fixed Versions
Confluence Data Center and Server    7.19.16 or later
                                     8.3.4 or later
                                     8.4.4 or later
                                     8.5.3 or later
                                     8.6.1 or later

Atlassian warns that versions that are past end of life may also be susceptible to this vulnerability but has not provided additional details. These receive no fix and must be upgraded to one of the fixed versions above.
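To turn the table above into a repeatable check across an inventory of Confluence instances, the following script compares an installed version string against the fixed versions listed in this advisory. It is an example added to this page, not Atlassian's tooling. It assumes version strings of the form major.minor.patch, treats any release branch with no listed fix (for example 8.0.x, 8.1.x, 8.2.x or a 7.x branch other than 7.19) as unpatched because the advisory states that all earlier versions are affected, and treats anything at or beyond 8.6.1 as fixed, following the advisory's "8.6.1 or later".

```python
"""Branch-aware check of a Confluence Data Center/Server version against the
CVE-2023-22518 fixed versions.  Added example; not Atlassian code."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions from the advisory's "Affected Products/Versions" table,
# keyed by release branch (major, minor).
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (7, 19): (7, 19, 16),
    (8, 3): (8, 3, 4),
    (8, 4): (8, 4, 4),
    (8, 5): (8, 5, 3),
    (8, 6): (8, 6, 1),
}
LATEST_FIXED: Version = max(FIXED_VERSIONS.values())  # (8, 6, 1)

# Assumption: plain major.minor.patch; anything else is rejected rather than guessed.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; ValueError otherwise."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def minimum_fix(version: Version) -> Optional[Version]:
    """Fixed release this installation must reach, or None when its branch has
    no listed fix (an upgrade to a fixed branch is then required).
    Assumption: anything at or beyond the newest fixed release counts as fixed."""
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return FIXED_VERSIONS[branch]
    if version >= LATEST_FIXED:
        return LATEST_FIXED
    return None


def is_patched(text: str) -> bool:
    """True when the installed version is at or above its branch's fixed release."""
    version = parse_version(text)
    target = minimum_fix(version)
    return target is not None and version >= target


def assess(text: str) -> str:
    """One-line verdict suitable for an inventory report."""
    version = parse_version(text)
    target = minimum_fix(version)
    branch = f"{version[0]}.{version[1]}"
    if target is None:
        return f"{text}: VULNERABLE (branch {branch} has no fixed release; upgrade to a fixed branch)"
    if version >= target:
        return f"{text}: patched for CVE-2023-22518"
    return f"{text}: VULNERABLE (upgrade to {'.'.join(map(str, target))} or later)"


if __name__ == "__main__":
    # Constructed sample inventory of version strings, not real hosts.
    for v in ["7.19.15", "7.19.16", "8.0.2", "8.3.3", "8.5.3", "8.7.0"]:
        print(assess(v))
```

Feed it the version string of each on-premises instance you operate; every line reporting VULNERABLE is an instance that still needs the patch or, until then, should have its internet exposure removed as described under Mitigations.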

Mitigations

  • Apply the latest patches (upgrade to one of the fixed versions listed above)
  • Remove internet access to your instance until the patch can be applied

Additional Resources

https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html

https://jira.atlassian.com/browse/CONFSERVER-93142

https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html