## https://sploitus.com/exploit?id=SAINT:FDEEDB34497DA799578C5BB42A83ABC5
Added: 11/02/2023  


### Background

Atlassian Confluence is a collaboration and knowledge management application. 

### Problem

Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. 

### Resolution

Upgrade to Confluence 8.3.3, 8.4.3, or 8.5.2 or higher. 
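The fixed releases above are per release line, so a plain "version >= 8.3.3" comparison would wrongly pass 8.4.0. The following triage check is an added example, not code from this page or from Atlassian; the host names are constructed, and the "review" status is an assumption used for release lines the page lists no fixed build for, since the page does not state affected ranges.

```python
import re

# Fixed releases named in the Resolution section: minimum patch per release line.
FIXED = {(8, 3): 3, (8, 4): 3, (8, 5): 2}
NEWEST_FIXED_LINE = max(FIXED)  # (8, 5); later lines count as "or higher"


def parse_version(text):
    """Parse 'major.minor[.patch]'; trailing suffixes such as '-m01' are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(version):
    """Return 'fixed', 'upgrade' or 'review' for one Confluence version string."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line > NEWEST_FIXED_LINE:
        return "fixed"
    if line in FIXED:
        # Same release line: compare only the patch level against its fix.
        return "fixed" if patch >= FIXED[line] else "upgrade"
    # Assumption: no fixed build is listed for this line on the page, so the
    # host is flagged for a manual check against the vendor advisory.
    return "review"


def triage(inventory):
    """Map host -> status for every host not at a listed fixed release."""
    return {h: s for h, v in inventory.items() if (s := classify(v)) != "fixed"}


# Constructed sample inventory (hypothetical hosts).
INVENTORY = {
    "wiki-a.example": "8.5.2",
    "wiki-b.example": "8.4.0",
    "wiki-c.example": "8.2.3",
    "wiki-d.example": "8.6.0",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```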

### References

https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html   


### Limitations

Upon successful exploitation, an administrator account is created which must be manually removed.