## https://sploitus.com/exploit?id=SAINT:B9AC9F1ED5E99B0709FA427ACE9B6E3D
Added: 11/02/2023  


### Background

[Atlassian Confluence](<http://www.atlassian.com/software/confluence/>) is a collaboration and knowledge management application. 

### Problem

Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. 

### Resolution

[Upgrade](<http://www.atlassian.com/software/confluence/ConfluenceDownloadCenter.jspa>) to Confluence 8.3.3, 8.4.3, or 8.5.2 or higher. 
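The fixed releases are per release line, so a single "at least 8.3.3" comparison wrongly passes early 8.4.x and 8.5.x builds. The following is an added example, not part of the advisory: it triages an inventory of version strings against the three fixed releases listed above. The function names and sample inventory are constructed for illustration, and release lines older than 8.3 are reported as needing a check against the vendor advisory because this page does not cover them.

```python
import re

# Fixed patch level per release line, taken from the Resolution text above.
FIXED = {(8, 3): 3, (8, 4): 3, (8, 5): 2}
NEWEST_LISTED = max(FIXED)  # (8, 5); later release lines fall under "or higher"


def parse_version(text):
    """Return (major, minor, patch) from a string such as '8.4.2' or '8.5'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def naive_is_fixed(text):
    """The tempting shortcut: anything at or above the lowest fixed release."""
    return parse_version(text) >= (8, 3, 3)


def triage(text):
    """Classify one version as 'fixed', 'upgrade' or 'check-advisory'."""
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line in FIXED:
        return "fixed" if patch >= FIXED[line] else "upgrade"
    if line > NEWEST_LISTED:
        return "fixed"
    # Release lines older than 8.3 are not covered by this page.
    return "check-advisory"


def triage_inventory(inventory):
    """Map each host to its triage result; bad version strings are flagged."""
    results = {}
    for host, version in inventory.items():
        try:
            results[host] = triage(version)
        except ValueError:
            results[host] = "unparseable"
    return results


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"wiki-a": "8.3.3", "wiki-b": "8.4.2", "wiki-c": "8.5.1",
              "wiki-d": "8.6.0", "wiki-e": "7.19.16", "wiki-f": "unknown"}
    for host, state in triage_inventory(sample).items():
        print(f"{host}: {state}")
```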

### References

<https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html>  


### Limitations

Upon successful exploitation, an administrator account is created which must be manually removed.