Known Exploited Vulnerability
9.8
CRITICAL
CVE-2023-22527
Atlassian Confluence Data Center and Server Templa - [Actively Exploited]
Description

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

INFO

Published Date :

Jan. 16, 2024, 5:15 a.m.

Last Modified :

Nov. 21, 2024, 7:44 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527

Public PoC/Exploit Available at Github

CVE-2023-22527 has a 66 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-22527 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Atlassian confluence_server
2 Atlassian confluence_data_center
References to Advisories, Solutions, and Tools

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities

attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc

Updated: 1 week, 6 days ago
0 stars 2 fork 2 watcher
Born at : Nov. 17, 2024, 11:53 a.m. This repo has been linked 414 different CVEs too.

script for exploiting CVE-2023-22527, which is described as a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence

Python

Updated: 1 month, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : Oct. 7, 2024, 4:47 a.m. This repo has been linked 1 different CVEs too.

CVE-2023-22527 | RCE using SSTI in Confluence

Python

Updated: 3 weeks, 4 days ago
1 stars 0 fork 0 watcher
Born at : Oct. 6, 2024, 3:16 p.m. This repo has been linked 1 different CVEs too.

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目

HTML

Updated: 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 20, 2024, 3:27 a.m. This repo has been linked 210 different CVEs too.

None

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 9, 2024, 1:28 a.m. This repo has been linked 128 different CVEs too.

None

HTML

Updated: 2 months, 1 week ago
2 stars 1 fork 1 watcher
Born at : Sept. 4, 2024, 9:24 a.m. This repo has been linked 128 different CVEs too.

None

HTML

Updated: 1 week, 4 days ago
6 stars 0 fork 0 watcher
Born at : Aug. 2, 2024, 6:07 a.m. This repo has been linked 123 different CVEs too.

A utility for producing an HTTP cache database to use with go-exploit

Makefile Go

Updated: 2 weeks ago
8 stars 0 fork 0 watcher
Born at : July 16, 2024, 6:30 p.m. This repo has been linked 1 different CVEs too.

A super simple Cisa KEV lookup CLI tool leveraging DuckDB

Python

Updated: 4 months ago
1 stars 0 fork 0 watcher
Born at : July 2, 2024, 7:56 p.m. This repo has been linked 33 different CVEs too.

红队武器库漏洞利用工具合集整理

HTML

Updated: 2 days, 18 hours ago
389 stars 58 fork 58 watcher
Born at : June 27, 2024, 9:28 a.m. This repo has been linked 54 different CVEs too.

None

Updated: 1 week, 6 days ago
4 stars 0 fork 0 watcher
Born at : June 14, 2024, 6:54 a.m. This repo has been linked 95 different CVEs too.

confluence rce (CVE-2021-26084, CVE-2022-26134, CVE-2023-22527)

Python

Updated: 2 months, 1 week ago
3 stars 1 fork 1 watcher
Born at : May 29, 2024, 3:20 a.m. This repo has been linked 3 different CVEs too.

PoC for the NAPLISTENER exploit: https://nvd.nist.gov/vuln/detail/CVE-2023-22527 (Purpose: To practice automating exploits)

Python

Updated: 6 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : May 13, 2024, 9:04 p.m. This repo has been linked 1 different CVEs too.

CLI utility to query Shodan's CVE DB

cve-search shodan shodan-client

Go

Updated: 4 weeks, 1 day ago
2 stars 0 fork 0 watcher
Born at : May 12, 2024, 10 a.m. This repo has been linked 31 different CVEs too.

此项目的POC来源为2024年以来各大威胁情报的高危漏洞复现,POC已通过nuclei或xray武器化,本项目旨在为网络安全爱好者们提供一点参考资料,可供个人研究使用,共勉

Shell Batchfile Python ASP.NET Java Classic ASP PHP

Updated: 3 days, 20 hours ago
245 stars 41 fork 41 watcher
Born at : May 8, 2024, 11:50 a.m. This repo has been linked 21 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-22527 vulnerability anywhere in the article.

  • Cybersecurity News
Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit

CleverSoar Attack Flow | Image: Rapid7Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese and Viet ... Read more

Published Date: Nov 29, 2024 (6 days ago)
  • Cybersecurity News
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPNs & Servers

Campaign Alpha overview | Image: Trend MicroIn a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEm ... Read more

Published Date: Nov 27, 2024 (1 week, 1 day ago)
  • Cybersecurity News
Critical Vulnerabilities in QNAP Notes Station 3: Update Now to Protect Your Data

QNAP has issued a security advisory regarding multiple critical vulnerabilities in Notes Station 3, a popular application for managing and sharing notes on QNAP devices. These vulnerabilities, with CV ... Read more

Published Date: Nov 26, 2024 (1 week, 2 days ago)
  • Cybersecurity News
Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS (CVE-2024-5083) Flaws

Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used by organizations worldwide to store and distribute software artifacts, warning users ... Read more

Published Date: Nov 18, 2024 (2 weeks, 3 days ago)
  • security.nl
Amerikaanse ziekenhuizen gewaarschuwd voor Godzilla webshell

Het Amerikaanse ministerie van Volksgezondheid heeft ziekenhuizen en andere medische instellingen gewaarschuwd voor de 'Godzilla webshell' die bij aanvallen wordt ingezet en lastig te detecteren is (p ... Read more

Published Date: Nov 13, 2024 (3 weeks ago)
  • Cybersecurity News
Frag Ransomware: A New Threat Exploits Veeam Vulnerability (CVE-2024-40711)

The Frag ransom note | Image: SophosSophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newl ... Read more

Published Date: Nov 11, 2024 (3 weeks, 3 days ago)
  • Cybersecurity News
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining

Attach chain | Image: Trend MicroIn a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim r ... Read more

Published Date: Oct 30, 2024 (1 month ago)
  • Trend Micro
Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Cyber Threats In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. ... Read more

Published Date: Oct 30, 2024 (1 month ago)
  • Cybersecurity News
Cryptojacking Alert: Hackers Exploit gRPC and HTTP/2 to Deploy Miners

Attack chain | Image: Trend MicroTrend Micro researchers have uncovered a new and unconventional method used by cybercriminals to deploy the SRBMiner cryptominer on Docker remote API servers. This att ... Read more

Published Date: Oct 23, 2024 (1 month, 1 week ago)
  • Cybersecurity News
LemonDuck Exploits EternalBlue Vulnerability for Cryptomining Attacks

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of the LemonDuck malware, which is now exploiting the EternalBlue vulnerability (CVE-2017-0144) i ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
  • Cybersecurity News
Linux Servers Under Siege: “Perfctl” Malware Evades Detection for Years

The entire attack flow | Image: Aqua NautilusIn a recent report by Aqua Nautilus researchers Assaf Morag and Idan Revivo, the Linux server community has been alerted to the presence of a particularly ... Read more

Published Date: Oct 03, 2024 (2 months ago)
  • Cybersecurity News
Critical Security Flaws in Camaleon CMS Put Web Servers at Risk – Users Urged to Upgrade Immediately

In a significant development for website owners and administrators using Camaleon CMS, a critical security update has been released to address several vulnerabilities, some of which are already being ... Read more

Published Date: Sep 21, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Ransomware Groups Exploit Veeam Flaw CVE-2023-27532 in Nigerian Cyber Infrastructure

The Nigeria Computer Emergency Response Team (ngCERT) has issued an urgent alert warning of ransomware groups actively targeting critical systems across Nigeria. The alert focuses on a high-severity v ... Read more

Published Date: Sep 20, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS

Medusa ransomware ransom note | Image: Unit 42In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoi ... Read more

Published Date: Sep 20, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Cyberattack on Delta Prime: Losses Soar to $6M

The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage la ... Read more

Published Date: Sep 18, 2024 (2 months, 2 weeks ago)
  • The Hacker News
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Software Security / Threat Intelligence Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gol ... Read more

Published Date: Sep 13, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw

Excel document containing pixelated screenshot | Image: TrellixIn a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access ... Read more

Published Date: Sep 13, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
Fortinet Faces Potential Data Breach, Customer Data at Risk

In a concerning development for cybersecurity giant Fortinet, a potential data breach has come to light, raising alarms about the security of sensitive customer information. The incident reportedly af ... Read more

Published Date: Sep 12, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
WhatsUp Gold Under Attack: New RCE Vulnerabilities Exploited

Timeline how the WhatsUp Gold Active Monitor PowerShell Script was abused | Image: Trend MicroTrend Micro researchers have uncovered a series of remote code execution (RCE) attacks targeting WhatsUp G ... Read more

Published Date: Sep 12, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 to Launch Malware Campaigns

Cybersecurity researchers at FortiGuard Labs have observed multiple campaigns targeting a critical vulnerability in GeoServer, an open-source geospatial data server. Identified as CVE-2024-36401, this ... Read more

Published Date: Sep 07, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster

Please enable JavaScriptProgress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and loa ... Read more

Published Date: Sep 06, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169)

System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability that ... Read more

Published Date: Sep 05, 2024 (3 months ago)
  • TheCyberThrone
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – August, 2024

Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending August, 2024Subscribers favorite #1Velvet Ant AP ... Read more

Published Date: Sep 01, 2024 (3 months ago)
  • TheCyberThrone
North Korean Citrine Sleet behind CVE-2024-7971 exploitation

Microsoft’s threat intelligence team discovered that a known North Korean threat actor exploiting a Chrome remote code execution flaw patched by Google earlier this month.The vulnerability, tracked as ... Read more

Published Date: Sep 01, 2024 (3 months ago)
  • TheCyberThrone
Fortra fixes vulnerabilities in FileCatalyst Workflow

Fortra has released patches for two vulnerabilities in FileCatalyst Workflow impacts version  5.1.6 Build 139 and earlier.The first vulnerability tracked as CVE-2024-6633 with a CVSS score of 9.8 is d ... Read more

Published Date: Aug 31, 2024 (3 months ago)
  • TheCyberThrone
APT29 compromised Mongolia with NSO and Intellexa tools

Google’s Threat Analysis Group has uncovered that Russian government-backed APT29 hackers targetting Mongolian government websites using exploits strikingly similar to those developed by commercial sp ... Read more

Published Date: Aug 31, 2024 (3 months ago)
  • TheCyberThrone
Atlassian flaw CVE-2023-22527 exploited in Cryptomining campaigns

The critical template injection vulnerability in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns that allow remote attackers to execu ... Read more

Published Date: Aug 30, 2024 (3 months ago)
  • Cybersecurity News
Godzilla Backdoor: A Stealthy Threat Targeting Atlassian Confluence Flaw (CVE-2023-22527)

Attack chain | Image: TrendMicroA recent discovery by cybersecurity researchers at Trend Micro has unveiled a sophisticated new attack vector targeting Atlassian Confluence servers, leveraging the cri ... Read more

Published Date: Aug 30, 2024 (3 months ago)
  • The Hacker News
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Cryptojacking / Vulnerability Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit crypto ... Read more

Published Date: Aug 30, 2024 (3 months ago)
  • Trend Micro
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Malware Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. Summary Trend Micro researchers ... Read more

Published Date: Aug 30, 2024 (3 months ago)
  • TheCyberThrone
CISA adds CVE-2024-7965 Chrome bug to its KEV catalog

The U.S. CISA added Google Chrome vulnerability to its Known Exploited Vulnerability Catalog following the mass exploitation in the wild.CVE-2024-7965; Google Chromium V8 contains an inappropriate imp ... Read more

Published Date: Aug 29, 2024 (3 months ago)
  • TheCyberThrone
APT-C-60 Exploits WPS Office Vulnerabilities

Security researchers from ESET have identified two vulnerabilities in WPS Office for Windows, widely exploited by the APT-C-60 cyberespionage group, which is aligned with South Korea.APT-C-60, known f ... Read more

Published Date: Aug 29, 2024 (3 months ago)
  • TheCyberThrone
RockWell Automation fixes Several vulnerabilities

Rockwell Automation has released patches for multiple vulnerabilities discovered in its ThinManager ThinServer software. These vulnerabilities, pose significant risks to systems running affected versi ... Read more

Published Date: Aug 29, 2024 (3 months ago)
  • Dark Reading
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking

Source: KT Design via Adobe Stock PhotoThreat actors continue to exploit a critical remote code execution (RCE) Atlassian bug discovered in January, with new attack vectors that turn targeted cloud en ... Read more

Published Date: Aug 28, 2024 (3 months ago)
  • TheCyberThrone
WordPress WPML Plugin Critical Vulnerability CVE-2024-6386

Researchers have uncovered a critical vulnerability in WPML multilingual CMS Plugin for WordPress that leads to a Remote Code Execution, which potentially allows the compromise of impacted websites.Th ... Read more

Published Date: Aug 28, 2024 (3 months ago)
  • Cybersecurity News
Cryptojacking Campaign Exploits Atlassian Confluence CVE-2023-22527 Vulnerability

Attack chain used in the second attack vectorTrend Micro researchers have uncovered a widespread cryptojacking campaign leveraging a critical vulnerability (CVE-2023-22527) in the Atlassian Confluence ... Read more

Published Date: Aug 28, 2024 (3 months ago)
  • TheCyberThrone
CISA adds Apache OFBiz Vulnerability CVE-2024-38856 to KEV Catalog

The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitationCVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect ... Read more

Published Date: Aug 28, 2024 (3 months, 1 week ago)
  • Trend Micro
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

Exploits & Vulnerabilities A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. Summary The critical vu ... Read more

Published Date: Aug 28, 2024 (3 months, 1 week ago)
  • TheCyberThrone
CISA adds CV-2024-7971 to its KEV Catalog

The US CISA has added Google Chrome vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-7971 Google Chromium V8 contains a type of confusion ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Google addressed 10th Zeroday in Chrome CVE-2024-7965

Google has released a patch to address a new Chrome zero-day vulnerability that is actively exploited.The vulnerability tracked as CVE-2024-7965 with a CVSS score of 8.8 is an inappropriate implementa ... Read more

Published Date: Aug 27, 2024 (3 months, 1 week ago)
  • TheCyberThrone
CISA adds Versa Networks Flaw CVE-2024-39717 to its KEV Catalog

The U.S. CISA has added CVE-2024-39717 to its Know exploited vulnerability catalog following the massive exploitation evidenceThis vulnerability CVE-2024-39717 affects Versa Networks’ Director GUI, sp ... Read more

Published Date: Aug 26, 2024 (3 months, 1 week ago)
  • TheCyberThrone
GitHub fixes several vulnerabilities including CVE-2024-6800

GitHub has addressed several vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories.The most critical vulnerabilit ... Read more

Published Date: Aug 25, 2024 (3 months, 1 week ago)
  • TheCyberThrone
PoC Exploit for Microsoft bug CVE-2024-38054 released

Security researcher ‘Frost’ has released proof-of-concept exploit code for the high-severity vulnerability in the Kernel Streaming WOW Thunk Service Driver could enable local attackers to escalate pri ... Read more

Published Date: Aug 25, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Velvet Ant APT exploits Cisco bug CVE-2024-20399

Security researchers discovered that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices.Last month, C ... Read more

Published Date: Aug 24, 2024 (3 months, 1 week ago)
  • TheCyberThrone
SolarWinds fixes CVE-2024-28987 in WHD Product

SolarWinds has released an update to a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.The v ... Read more

Published Date: Aug 24, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Sonicwall fixes CVE-2024-40766 in SonicOS

SonicWall has released patch for a critical vulnerability  affecting their SonicOS and could allow unauthorized access to SonicWall firewalls, potentially leading to a complete system compromise.The v ... Read more

Published Date: Aug 24, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Microsoft fixes Zeroday vulnerability CVE-2024-7971 in EDGE Browser

Microsoft has released patches for a critical vulnerability in EDGE Browser that is currently being exploited by malicious actors.This zero-day flaw, tracked as CVE-2024-7971, exists within Google Chr ... Read more

Published Date: Aug 23, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities

Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024- ... Read more

Published Date: Aug 23, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Critical Vulnerabilities Uncovered in Progress WhatsUp Gold (CVE-2024-6670 & CVE-2024-6671)

The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6 ... Read more

Published Date: Aug 23, 2024 (3 months, 1 week ago)
  • TheCyberThrone
CISA adds multiple vulnerabilities to its KEV catalog

The U.S. CISA has added 4 vulnerabilities to it’d Known Exploited Vulnerabilities Catalog (KEV) belongs to Dahua, Microsoft, and Linux products based on the mass exploitationCVE-2022-0185Linux Kernel ... Read more

Published Date: Aug 22, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Google fixes ninth Zeroday CVE-2024-7971 in Chrome

Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited.The vulnerability is a type confusion issue that resides i ... Read more

Published Date: Aug 22, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Spring Security fixes CVE-2024-38810

A high-severity flaw has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications.Spring Security’s powerful method security features ... Read more

Published Date: Aug 22, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Atlassian fixes CVE-2024-21689 vulnerability in Bamboo

Atlassian has issued a patch for a high severity vulnerability in its Bamboo Data Center and Server products, which is a Remote Code Execution.The vulnerability tracked as CVE-2024-21689 with a CVSS s ... Read more

Published Date: Aug 21, 2024 (3 months, 1 week ago)
  • TheCyberThrone
Microsoft Flaw CVE-2024-38193 exploited by Lazarus Group

During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers.One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is a  Br ... Read more

Published Date: Aug 20, 2024 (3 months, 2 weeks ago)
  • TheCyberThrone
F5 fixes NGINX and BIG-IP Vulnerabilities

F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, dis ... Read more

Published Date: Aug 20, 2024 (3 months, 2 weeks ago)
  • TheCyberThrone
CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more

Published Date: Aug 20, 2024 (3 months, 2 weeks ago)
  • TheCyberThrone
CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more

Published Date: Aug 19, 2024 (3 months, 2 weeks ago)
  • TheCyberThrone
PoC for IvantiTM vulnerability CVE-2024-7593 released

To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network.The researchers a ... Read more

Published Date: Aug 19, 2024 (3 months, 2 weeks ago)

The following table lists the changes that have been made to the CVE-2023-22527 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html
    Added Reference https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615
    Added Reference https://jira.atlassian.com/browse/CONFSERVER-93833
    Added Reference https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527
  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 03, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-74
  • Modified Analysis by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html No Types Assigned http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type https://jira.atlassian.com/browse/CONFSERVER-93833 Permissions Required https://jira.atlassian.com/browse/CONFSERVER-93833 Issue Tracking, Vendor Advisory
    Changed CPE Configuration OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.7.0 up to (excluding) 8.7.1 OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jan. 26, 2024

    Action Type Old Value New Value
    Added Reference Atlassian http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html [No types assigned]
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jan. 25, 2024

    Action Type Old Value New Value
    Added Vulnerability Name Atlassian Confluence Data Center and Server Template Injection Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Due Date 2024-02-14
    Added Date Added 2024-01-24
  • Initial Analysis by [email protected]

    Jan. 24, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 No Types Assigned https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 Vendor Advisory
    Changed Reference Type https://jira.atlassian.com/browse/CONFSERVER-93833 No Types Assigned https://jira.atlassian.com/browse/CONFSERVER-93833 Permissions Required
    Added CWE NIST CWE-74
    Added CPE Configuration OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.7.0 up to (excluding) 8.7.1
    Added CPE Configuration OR *cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4
  • CVE Modified by [email protected]

    Jan. 16, 2024

    Action Type Old Value New Value
    Changed Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server|8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server|8.5.4 (LTS)|8.5.5 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|8.7.2 or later (Data Center Only)| For additional details, please see full advisory. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
  • CVE Modified by [email protected]

    Jan. 16, 2024

    Action Type Old Value New Value
    Changed Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS) |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only) For additional details, please see full advisory. Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server|8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server|8.5.4 (LTS)|8.5.5 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|8.7.2 or later (Data Center Only)| For additional details, please see full advisory.
  • CVE Received by [email protected]

    Jan. 16, 2024

    Action Type Old Value New Value
    Added Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS) |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only) For additional details, please see full advisory.
    Added Reference Atlassian https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 [No types assigned]
    Added Reference Atlassian https://jira.atlassian.com/browse/CONFSERVER-93833 [No types assigned]
    Added CVSS V3 Atlassian AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-22527 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-22527 weaknesses.

CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters Using Leading 'Ghost' Character Sequences to Bypass Input Filters CAPEC-6: Argument Injection Argument Injection CAPEC-7: Blind SQL Injection Blind SQL Injection CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-13: Subverting Environment Variable Values Subverting Environment Variable Values CAPEC-14: Client-side Injection-induced Buffer Overflow Client-side Injection-induced Buffer Overflow CAPEC-24: Filter Failure through Buffer Overflow Filter Failure through Buffer Overflow CAPEC-28: Fuzzing Fuzzing CAPEC-34: HTTP Response Splitting HTTP Response Splitting CAPEC-42: MIME Conversion MIME Conversion CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-45: Buffer Overflow via Symbolic Links Buffer Overflow via Symbolic Links CAPEC-46: Overflow Variables and Tags Overflow Variables and Tags CAPEC-47: Buffer Overflow via Parameter Expansion Buffer Overflow via Parameter Expansion CAPEC-51: Poison Web Service Registry Poison Web Service Registry CAPEC-52: Embedding NULL Bytes Embedding NULL Bytes CAPEC-53: Postfix, Null Terminate, and Backslash Postfix, Null Terminate, and Backslash CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic Using Slashes and URL Encoding Combined to Bypass Validation Logic CAPEC-67: String Format Overflow in syslog() String Format Overflow in syslog() CAPEC-71: Using Unicode Encoding to Bypass Validation Logic Using Unicode Encoding to Bypass Validation Logic CAPEC-72: URL Encoding URL Encoding CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-78: Using Escaped Slashes in Alternate Encoding Using Escaped Slashes in Alternate Encoding CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic Using UTF-8 Encoding to Bypass Validation Logic CAPEC-83: XPath Injection XPath Injection CAPEC-84: XQuery Injection XQuery Injection CAPEC-101: Server Side Include (SSI) Injection Server Side Include (SSI) Injection CAPEC-105: HTTP Request Splitting HTTP Request Splitting CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection CAPEC-120: Double Encoding Double Encoding CAPEC-135: Format String Injection Format String Injection CAPEC-250: XML Injection XML Injection CAPEC-267: Leverage Alternate Encoding Leverage Alternate Encoding CAPEC-273: HTTP Response Smuggling HTTP Response Smuggling
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

96.97 }} -0.09%

score

0.99783

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability