If you are using Confluence Server or Data Center versions 8.0.0 through 8.5.1, your instance may be vulnerable. An attacker can create an administrator account and get into the application! There are two solutions.
To reduce vulnerability, you must do one of two things:
– ultimately: upgrade to one of the safe versions: >= 8.3.3, >= 8.4.3 or >= 8.5.2 LTS
– temporarily: modification of web.xml file (requires application restart)
More info HERE
Good luck!