You use Confluence Server or Confluence Data Center

Update

To address this issue, Atlassian released:

You can download the latest versions from the download pages for Confluence Server or Confluence Data Center.

Mitigation

Installing a fixed version of Confluence is the safest way to remediate CVE-2023-22515. If you are unable to immediately upgrade Confluence, then as a temporary workaround we recommend restricting external network access to the affected instance.

Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml and add the following block of code (just before the </web-app> tag at the end of the file):
```xml
<!-- Deny every HTTP method on /setup/*: the omission "*" puts all methods under the
     constraint, and the empty auth-constraint means no role is allowed through. -->
<security-constraint>
    <web-resource-collection>
        <url-pattern>/setup/*</url-pattern>
        <http-method-omission>*</http-method-omission>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
```
Restart Confluence.
This action will block access to setup pages that are not required for typical Confluence usage. For further details, see Atlassian's FAQ page.

Threat detection

As well as upgrading to a fixed version, we recommend you check all affected Confluence instances for the following indicators of compromise:

- unexpected members of the confluence-administrator group
- unexpected newly created user accounts
- requests to /setup/*.action in network access logs
- presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Further details on how to do the above are available on Atlassian's FAQ page.
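The following is an added example, not part of the Atlassian advisory, showing how a defender might sweep the indicators listed above across access logs, the security log, and the confluence-administrator membership. The log lines are constructed for the example, the access-log layout is assumed to be the common Tomcat format, and the optional context-path prefix (e.g. /confluence/setup/...) is an assumption about how an instance may be deployed.

```python
import re

# Constructed sample lines for this example (not captured from a real system).
# Access-log entries in the common Tomcat access-log format (assumption).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [03/Oct/2023:12:01:15 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.7 - - [03/Oct/2023:12:01:30 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0
198.51.100.9 - - [03/Oct/2023:12:02:01 +0000] "GET /dashboard.action HTTP/1.1" 200 9000
"""
# Constructed atlassian-confluence-security.log entries; only the second carries the indicator.
SAMPLE_SECURITY_LOG = """\
2023-10-03 12:00:02,114 INFO [http-nio-8090-exec-2] [confluence.security] user jdoe logged in
2023-10-03 12:01:30,417 ERROR [http-nio-8090-exec-4] [confluence.security] exception on /setup/setupadministrator.action: SetupException
"""

ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)')
# Any *.action under /setup/; a context-path prefix such as /confluence/setup/... is allowed (assumption).
SETUP_ACTION_RE = re.compile(r'/setup/[^?#]*\.action$')

def find_setup_requests(lines):
    """Return access-log requests whose path is a /setup/*.action endpoint."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        path = m.group("target").split("?", 1)[0]  # drop the query string before matching
        if SETUP_ACTION_RE.search(path):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "method": m.group("method"), "path": path})
    return hits

def find_setup_exceptions(lines):
    """Return security-log lines that mention /setup/setupadministrator.action."""
    return [line for line in lines if "/setup/setupadministrator.action" in line]

def unexpected_admins(current_members, known_members):
    """Members of confluence-administrator that are not on the approved list."""
    return sorted(set(current_members) - set(known_members))

if __name__ == "__main__":
    for hit in find_setup_requests(SAMPLE_ACCESS_LOG.splitlines()):
        print("setup request:", hit)
    for line in find_setup_exceptions(SAMPLE_SECURITY_LOG.splitlines()):
        print("security log:", line)
    print("unexpected admins:", unexpected_admins(["admin", "jdoe", "svc-setup"], ["admin", "jdoe"]))
```

Run it against each node's access logs and the atlassian-confluence-security.log in the Confluence home directory; any hit warrants the full review described in Atlassian's FAQ.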