Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


CVE-2023-22518 and How to recover data

I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Nov 15, 2023

I am under attack by CVE-2023-22518, symptoms:

1. The database is cleared

2. Data directories and files exist but are not backed up

Can I still recover my data? No backup

1 answer

Hi Hanlin2531,

Experiencing an attack involving data clearing due to CVE-2023-22518 can be extremely challenging, especially without a backup. However, there might still be some possibilities for data recovery:

Database Recovery Options:

Check if any database backups exist separately from the Confluence system. If there are backups, they might contain the data that was cleared.
Investigate recovery options within the database system itself. Sometimes, deleted data can be recoverable using specialized recovery tools or techniques. However, this process can be complex and might require expertise.

File System Analysis:

Even though the data directories and files exist but are not backed up, it's possible that some data remnants might still be present on the file system. Forensic analysis or specialized recovery tools might potentially retrieve some of the lost data.

Confluence XML Backup:

If there's a possibility that Confluence's XML backup feature was enabled before the attack, there might be a chance to recover some content. However, this depends on the timing and existence of such backups.

Immediate Steps:

  • Stop Usage: Cease using the affected system immediately to prevent further data loss or overwriting of existing data remnants.
  • Seek Expert Help: Engage cybersecurity experts or professional data recovery services with expertise in such situations. They might have specialized tools and methodologies to recover lost data or provide guidance.

Remember, without backups, data recovery can be exceedingly challenging. It's crucial to have robust backup and disaster recovery strategies in place to mitigate the impact of such incidents in the future.


Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events