Skip to main content


"UPDATE: We have evidence to suggest that a known nation-state actor is actively exploiting CVE-2023-22515 and continue to work closely with our partners and customers to investigate." confluence.atlassian.com/secur…

exploit: post request with setup=false, post request for creating a new admin user github.com/Chocapikk/CVE-2023-…

If you run self-hosted #confluence and it is visible to the public internet, page on-call. This is super bad.

⇧