All Cloudflare Customers Protected from Atlassian Confluence CVE-2023-22515

On October 4th, 2023, Atlassian disclosed a zero-day vulnerability named "Privilege Escalation Vulnerability in Confluence Data Center and Server" (CVE-2023-22515), affecting their Confluence Server and Data Center products. Cloudflare was notified of the issue before the advisory's publication, working with Atlassian to apply protective WAF rules for all customers. The vulnerability allows an attacker to create unauthorized administrator accounts on public Confluence instances, assessed by Atlassian as critical; however, no CVSS score has been released yet. More information can be found in the security advisory, listing affected versions of Confluence Server.