CVE-2023-22527
Atlassian Confluence Data Center and Server Templa - [Actively Exploited]
Description
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
INFO
Published Date :
Jan. 16, 2024, 5:15 a.m.
Last Modified :
Aug. 14, 2024, 3:23 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
Public PoC/Exploit Available at Github
CVE-2023-22527 has a 62 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
Affected Products
The following products are affected by CVE-2023-22527
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-22527
.
URL | Resource |
---|---|
http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html | Exploit Third Party Advisory VDB Entry |
https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 | Vendor Advisory |
https://jira.atlassian.com/browse/CONFSERVER-93833 | Issue Tracking Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
None
HTML
None
HTML
A utility for producing an HTTP cache database to use with go-exploit
Makefile Go
A super simple Cisa KEV lookup CLI tool leveraging DuckDB
Python
红队武器库漏洞利用工具合集整理
HTML
None
confluence rce (CVE-2021-26084, CVE-2022-26134, CVE-2023-22527)
Python
PoC for the NAPLISTENER exploit: https://nvd.nist.gov/vuln/detail/CVE-2023-22527 (Purpose: To practice automating exploits)
Python
CLI utility to query Shodan's CVE DB
cve-search shodan shodan-client
Go
此项目的POC来源为2024年以来各大威胁情报的高危漏洞复现,POC已通过nuclei或xray武器化,本项目旨在为网络安全爱好者们提供一点参考资料,可供个人研究使用,共勉
Shell Batchfile Python ASP.NET Java Classic ASP PHP
None
HTML Python
None
Java JavaScript HTML
An Ansible role that runs Vulhub environments on a Linux system.
Three go-exploits exploiting CVE-2023-22527 to execute arbitrary code in memory
Dockerfile Makefile Go Java
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-22527
vulnerability anywhere in the article.
- The Hacker News
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
Software Security / Threat Intelligence Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gol ... Read more
- Cybersecurity News
Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw
Excel document containing pixelated screenshot | Image: TrellixIn a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access ... Read more
- Cybersecurity News
Fortinet Faces Potential Data Breach, Customer Data at Risk
In a concerning development for cybersecurity giant Fortinet, a potential data breach has come to light, raising alarms about the security of sensitive customer information. The incident reportedly af ... Read more
- Cybersecurity News
WhatsUp Gold Under Attack: New RCE Vulnerabilities Exploited
Timeline how the WhatsUp Gold Active Monitor PowerShell Script was abused | Image: Trend MicroTrend Micro researchers have uncovered a series of remote code execution (RCE) attacks targeting WhatsUp G ... Read more
- Cybersecurity News
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 to Launch Malware Campaigns
Cybersecurity researchers at FortiGuard Labs have observed multiple campaigns targeting a critical vulnerability in GeoServer, an open-source geospatial data server. Identified as CVE-2024-36401, this ... Read more
- Cybersecurity News
Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169)
System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability that ... Read more
- TheCyberThrone
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – August, 2024
Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending August, 2024Subscribers favorite #1Velvet Ant AP ... Read more
- TheCyberThrone
North Korean Citrine Sleet behind CVE-2024-7971 exploitation
Microsoft’s threat intelligence team discovered that a known North Korean threat actor exploiting a Chrome remote code execution flaw patched by Google earlier this month.The vulnerability, tracked as ... Read more
- TheCyberThrone
Fortra fixes vulnerabilities in FileCatalyst Workflow
Fortra has released patches for two vulnerabilities in FileCatalyst Workflow impacts version 5.1.6 Build 139 and earlier.The first vulnerability tracked as CVE-2024-6633 with a CVSS score of 9.8 is d ... Read more
- TheCyberThrone
APT29 compromised Mongolia with NSO and Intellexa tools
Google’s Threat Analysis Group has uncovered that Russian government-backed APT29 hackers targetting Mongolian government websites using exploits strikingly similar to those developed by commercial sp ... Read more
- TheCyberThrone
Atlassian flaw CVE-2023-22527 exploited in Cryptomining campaigns
The critical template injection vulnerability in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns that allow remote attackers to execu ... Read more
- Cybersecurity News
Godzilla Backdoor: A Stealthy Threat Targeting Atlassian Confluence Flaw (CVE-2023-22527)
Attack chain | Image: TrendMicroA recent discovery by cybersecurity researchers at Trend Micro has unveiled a sophisticated new attack vector targeting Atlassian Confluence servers, leveraging the cri ... Read more
- The Hacker News
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Cryptojacking / Vulnerability Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit crypto ... Read more
- Trend Micro
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
Malware Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. Summary Trend Micro researchers ... Read more
- TheCyberThrone
CISA adds CVE-2024-7965 Chrome bug to its KEV catalog
The U.S. CISA added Google Chrome vulnerability to its Known Exploited Vulnerability Catalog following the mass exploitation in the wild.CVE-2024-7965; Google Chromium V8 contains an inappropriate imp ... Read more
- TheCyberThrone
APT-C-60 Exploits WPS Office Vulnerabilities
Security researchers from ESET have identified two vulnerabilities in WPS Office for Windows, widely exploited by the APT-C-60 cyberespionage group, which is aligned with South Korea.APT-C-60, known f ... Read more
- TheCyberThrone
RockWell Automation fixes Several vulnerabilities
Rockwell Automation has released patches for multiple vulnerabilities discovered in its ThinManager ThinServer software. These vulnerabilities, pose significant risks to systems running affected versi ... Read more
- Dark Reading
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Source: KT Design via Adobe Stock PhotoThreat actors continue to exploit a critical remote code execution (RCE) Atlassian bug discovered in January, with new attack vectors that turn targeted cloud en ... Read more
- TheCyberThrone
WordPress WPML Plugin Critical Vulnerability CVE-2024-6386
Researchers have uncovered a critical vulnerability in WPML multilingual CMS Plugin for WordPress that leads to a Remote Code Execution, which potentially allows the compromise of impacted websites.Th ... Read more
- Cybersecurity News
Cryptojacking Campaign Exploits Atlassian Confluence CVE-2023-22527 Vulnerability
Attack chain used in the second attack vectorTrend Micro researchers have uncovered a widespread cryptojacking campaign leveraging a critical vulnerability (CVE-2023-22527) in the Atlassian Confluence ... Read more
- TheCyberThrone
CISA adds Apache OFBiz Vulnerability CVE-2024-38856 to KEV Catalog
The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitationCVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect ... Read more
- Trend Micro
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
Exploits & Vulnerabilities A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. Summary The critical vu ... Read more
- TheCyberThrone
CISA adds CV-2024-7971 to its KEV Catalog
The US CISA has added Google Chrome vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-7971 Google Chromium V8 contains a type of confusion ... Read more
- TheCyberThrone
Google addressed 10th Zeroday in Chrome CVE-2024-7965
Google has released a patch to address a new Chrome zero-day vulnerability that is actively exploited.The vulnerability tracked as CVE-2024-7965 with a CVSS score of 8.8 is an inappropriate implementa ... Read more
- TheCyberThrone
CISA adds Versa Networks Flaw CVE-2024-39717 to its KEV Catalog
The U.S. CISA has added CVE-2024-39717 to its Know exploited vulnerability catalog following the massive exploitation evidenceThis vulnerability CVE-2024-39717 affects Versa Networks’ Director GUI, sp ... Read more
- TheCyberThrone
GitHub fixes several vulnerabilities including CVE-2024-6800
GitHub has addressed several vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories.The most critical vulnerabilit ... Read more
- TheCyberThrone
PoC Exploit for Microsoft bug CVE-2024-38054 released
Security researcher ‘Frost’ has released proof-of-concept exploit code for the high-severity vulnerability in the Kernel Streaming WOW Thunk Service Driver could enable local attackers to escalate pri ... Read more
- TheCyberThrone
Velvet Ant APT exploits Cisco bug CVE-2024-20399
Security researchers discovered that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices.Last month, C ... Read more
- TheCyberThrone
SolarWinds fixes CVE-2024-28987 in WHD Product
SolarWinds has released an update to a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.The v ... Read more
- TheCyberThrone
Sonicwall fixes CVE-2024-40766 in SonicOS
SonicWall has released patch for a critical vulnerability affecting their SonicOS and could allow unauthorized access to SonicWall firewalls, potentially leading to a complete system compromise.The v ... Read more
- TheCyberThrone
Microsoft fixes Zeroday vulnerability CVE-2024-7971 in EDGE Browser
Microsoft has released patches for a critical vulnerability in EDGE Browser that is currently being exploited by malicious actors.This zero-day flaw, tracked as CVE-2024-7971, exists within Google Chr ... Read more
- Cybersecurity News
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities
Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024- ... Read more
- Cybersecurity News
Critical Vulnerabilities Uncovered in Progress WhatsUp Gold (CVE-2024-6670 & CVE-2024-6671)
The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6 ... Read more
- TheCyberThrone
CISA adds multiple vulnerabilities to its KEV catalog
The U.S. CISA has added 4 vulnerabilities to it’d Known Exploited Vulnerabilities Catalog (KEV) belongs to Dahua, Microsoft, and Linux products based on the mass exploitationCVE-2022-0185Linux Kernel ... Read more
- TheCyberThrone
Google fixes ninth Zeroday CVE-2024-7971 in Chrome
Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited.The vulnerability is a type confusion issue that resides i ... Read more
- TheCyberThrone
Spring Security fixes CVE-2024-38810
A high-severity flaw has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications.Spring Security’s powerful method security features ... Read more
- TheCyberThrone
Atlassian fixes CVE-2024-21689 vulnerability in Bamboo
Atlassian has issued a patch for a high severity vulnerability in its Bamboo Data Center and Server products, which is a Remote Code Execution.The vulnerability tracked as CVE-2024-21689 with a CVSS s ... Read more
- TheCyberThrone
Microsoft Flaw CVE-2024-38193 exploited by Lazarus Group
During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers.One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is a Br ... Read more
- TheCyberThrone
F5 fixes NGINX and BIG-IP Vulnerabilities
F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, dis ... Read more
- TheCyberThrone
CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog
The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more
- TheCyberThrone
CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog
The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more
- TheCyberThrone
PoC for IvantiTM vulnerability CVE-2024-7593 released
To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network.The researchers a ... Read more
The following table lists the changes that have been made to the
CVE-2023-22527
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jul. 03, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-74 -
Modified Analysis by [email protected]
Jun. 10, 2024
Action Type Old Value New Value Changed Reference Type http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html No Types Assigned http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html Exploit, Third Party Advisory, VDB Entry Changed Reference Type https://jira.atlassian.com/browse/CONFSERVER-93833 Permissions Required https://jira.atlassian.com/browse/CONFSERVER-93833 Issue Tracking, Vendor Advisory Changed CPE Configuration OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.7.0 up to (excluding) 8.7.1 OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:* -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Jan. 26, 2024
Action Type Old Value New Value Added Reference Atlassian http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html [No types assigned] -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jan. 25, 2024
Action Type Old Value New Value Added Vulnerability Name Atlassian Confluence Data Center and Server Template Injection Vulnerability Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Added Due Date 2024-02-14 Added Date Added 2024-01-24 -
Initial Analysis by [email protected]
Jan. 24, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 No Types Assigned https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 Vendor Advisory Changed Reference Type https://jira.atlassian.com/browse/CONFSERVER-93833 No Types Assigned https://jira.atlassian.com/browse/CONFSERVER-93833 Permissions Required Added CWE NIST CWE-74 Added CPE Configuration OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.7.0 up to (excluding) 8.7.1 Added CPE Configuration OR *cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 -
CVE Modified by [email protected]
Jan. 16, 2024
Action Type Old Value New Value Changed Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server|8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server|8.5.4 (LTS)|8.5.5 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|8.7.2 or later (Data Center Only)| For additional details, please see full advisory. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. -
CVE Modified by [email protected]
Jan. 16, 2024
Action Type Old Value New Value Changed Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS) |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only) For additional details, please see full advisory. Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server|8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server|8.5.4 (LTS)|8.5.5 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|8.7.2 or later (Data Center Only)| For additional details, please see full advisory. -
CVE Received by [email protected]
Jan. 16, 2024
Action Type Old Value New Value Added Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS) |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only) For additional details, please see full advisory. Added Reference Atlassian https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 [No types assigned] Added Reference Atlassian https://jira.atlassian.com/browse/CONFSERVER-93833 [No types assigned] Added CVSS V3 Atlassian AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-22527
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-22527
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
97.09 }} 0.22%
score
0.99819
percentile