How severe is CVE-2023-22518?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2023-22518?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-22518

CRITICAL Year: 2023

CVSS v3 Score

10.0

Critical

Weakness Type

CWE-863

View all →

Vulnerability Description

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

CVE-2020-13300

CRITICAL

CVSS:10.0(Critical)

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

CWE-8632020

CVE-2021-38503

CRITICAL

CVSS:10.0(Critical)

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affec...

CWE-8632021

CVE-2023-4617

CRITICAL

CVSS:10.0(Critical)

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "...

CWE-8632023

CVE-2021-26753

CRITICAL

CVSS:9.9(Critical)

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to th...

CWE-8632021

CVE-2024-21010

CRITICAL

CVSS:9.9(Critical)

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easil...

CWE-8632024

CVE-2025-21556

CRITICAL

CVSS:9.9(Critical)

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerabilit...

CWE-8632025

CVE-2023-22518

Vulnerability Description

Related Vulnerabilities

CVE-2020-13300

CVE-2021-38503

CVE-2023-4617

CVE-2021-26753

CVE-2024-21010

CVE-2025-21556