module
Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control
| Disclosed |
|---|
| Oct 4, 2023 |
Disclosed
Oct 4, 2023
Description
This module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass.
A specially crafted request can be create new admin account without authentication on the target Atlassian server.
A specially crafted request can be create new admin account without authentication on the target Atlassian server.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.