Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10.
The company overhauled its security advisory for CVE-2023-22518 after it realized there had been a “change in the scope of the attack” on Monday.
In its original advisory, the Aussie-headquartered vendor said exploitation of the vulnerability by an unauthenticated user could lead to “significant data loss.” In the recently updated advisory, it conceded an attacker could reset Confluence and create an administrator account.
