Atlassian released an advisory regarding a critical vulnerability (CVE-2023-22515) in Confluence Data Center and Server. The vulnerability allows remote attackers to create unauthorized administrator accounts and gain access to Confluence instances. The vulnerability has received a CVSS rating of 10.0 (“critical”).
According to Atlassian, the vulnerability may have already been actively exploited in some customer environments.
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-274964-1032.html