"UPDATE: We have evidence to suggest that a known nation-state actor is actively exploiting CVE-2023-22515 and continue to work closely with our partners and customers to investigate." https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

exploit: post request with setup=false, post request for creating a new admin user https://github.com/Chocapikk/CVE-2023-22515/blob/main/exploit.py#L78-L92

If you run self-hosted #confluence and it is visible to the public internet, page on-call. This is super bad.
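
A log check for the indicator Atlassian's advisory lists for this CVE, requests to `/setup/*.action` in network access logs, as an added example that is not part of the original post. The combined-log line format, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in an assumed combined-log layout (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Oct/2023:10:01:12 +0000] "GET /dashboard.action HTTP/1.1" 200 5120
203.0.113.50 - - [05/Oct/2023:10:02:40 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 2310
203.0.113.50 - - [05/Oct/2023:10:02:41 +0000] "POST /setup/other.action HTTP/1.1" 200 880
198.51.100.7 - - [05/Oct/2023:10:03:02 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 9000
192.0.2.9 - - [05/Oct/2023:10:04:15 +0000] "GET /SETUP/setupadministrator.action;x=1 HTTP/1.1" 403 0
garbage line that does not parse
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# Matches /setup/<name>.action, also below a context path such as /wiki.
SETUP_RE = re.compile(r"(?:^|/)setup/[^/]+\.action$")

def normalize(target):
    """Drop the query string, URL-decode, strip ;path-parameters, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r";[^/]*", "", path).lower()

def find_setup_hits(lines):
    """Return ({source_ip: [(time, method, target, status), ...]}, unparsed_count)."""
    hits, skipped = defaultdict(list), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += bool(line.strip())  # count unparsed lines, never drop silently
            continue
        ip, ts, method, target, status = m.groups()
        if SETUP_RE.search(normalize(target)):
            hits[ip].append((ts, method, target, int(status)))
    return dict(hits), skipped

def not_rejected(hits):
    """Sources with at least one setup request that was not answered 4xx/5xx."""
    return sorted(ip for ip, reqs in hits.items() if any(s < 400 for *_, s in reqs))

if __name__ == "__main__":
    hits, skipped = find_setup_hits(SAMPLE_LOG.splitlines())
    for ip, reqs in hits.items():
        for ts, method, target, status in reqs:
            print(f"{ip} {ts} {method} {target} -> {status}")
    print("not rejected:", not_rejected(hits), "| unparsed lines:", skipped)
```

Any source reported by `not_rejected` on an instance that finished setup long ago is a reason to review the administrator group for accounts nobody created.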