Known Exploited Vulnerability
10.0
CRITICAL CVSS 3.0
CVE-2023-22527
Atlassian Confluence Data Center and Server Template Injection Vulnerability - [Actively Exploited]
Description

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

INFO

Published Date :

Jan. 16, 2024, 5:15 a.m.

Last Modified :

Feb. 9, 2025, 8:50 p.m.

Remotely Exploit :

Yes !
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527

Affected Products

The following products are affected by CVE-2023-22527 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Atlassian confluence_server
2 Atlassian confluence_data_center
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.0 CRITICAL [email protected]
CVSS 3.1 CRITICAL [email protected]
Solution
Upgrade Atlassian Confluence Data Center and Server to a patched version to address a template injection vulnerability.
  • Upgrade to Atlassian Confluence Server version 8.5.4, 8.6.0, 8.7.1, or later.
  • If unable to upgrade, review the Atlassian Security Bulletin for further guidance.
Public PoC/Exploit Available at Github

CVE-2023-22527 has a 92 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-22527 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-22527 weaknesses.

CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters Using Leading 'Ghost' Character Sequences to Bypass Input Filters CAPEC-6: Argument Injection Argument Injection CAPEC-7: Blind SQL Injection Blind SQL Injection CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-13: Subverting Environment Variable Values Subverting Environment Variable Values CAPEC-14: Client-side Injection-induced Buffer Overflow Client-side Injection-induced Buffer Overflow CAPEC-24: Filter Failure through Buffer Overflow Filter Failure through Buffer Overflow CAPEC-28: Fuzzing Fuzzing CAPEC-34: HTTP Response Splitting HTTP Response Splitting CAPEC-42: MIME Conversion MIME Conversion CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-45: Buffer Overflow via Symbolic Links Buffer Overflow via Symbolic Links CAPEC-46: Overflow Variables and Tags Overflow Variables and Tags CAPEC-47: Buffer Overflow via Parameter Expansion Buffer Overflow via Parameter Expansion CAPEC-51: Poison Web Service Registry Poison Web Service Registry CAPEC-52: Embedding NULL Bytes Embedding NULL Bytes CAPEC-53: Postfix, Null Terminate, and Backslash Postfix, Null Terminate, and Backslash CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic Using Slashes and URL Encoding Combined to Bypass Validation Logic CAPEC-67: String Format Overflow in syslog() String Format Overflow in syslog() CAPEC-71: Using Unicode Encoding to Bypass Validation Logic Using Unicode Encoding to Bypass Validation Logic CAPEC-72: URL Encoding URL Encoding CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-78: Using Escaped Slashes in Alternate Encoding Using Escaped Slashes in Alternate Encoding CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic Using UTF-8 Encoding to Bypass Validation Logic CAPEC-83: XPath Injection XPath Injection CAPEC-84: XQuery Injection XQuery Injection CAPEC-101: Server Side Include (SSI) Injection Server Side Include (SSI) Injection CAPEC-105: HTTP Request Splitting HTTP Request Splitting CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection CAPEC-120: Double Encoding Double Encoding CAPEC-135: Format String Injection Format String Injection CAPEC-250: XML Injection XML Injection CAPEC-267: Leverage Alternate Encoding Leverage Alternate Encoding CAPEC-273: HTTP Response Smuggling HTTP Response Smuggling

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 2 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 15, 2025, 9:07 a.m. This repo has been linked 310 different CVEs too.

护网2024-POC收录备份

Updated: 3 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 4, 2025, 1:25 p.m. This repo has been linked 119 different CVEs too.

备份的漏洞库,3月开始我们来维护

Updated: 1 month, 3 weeks ago
2 stars 0 fork 0 watcher
Born at : June 30, 2025, 9:14 a.m. This repo has been linked 216 different CVEs too.

None

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : June 15, 2025, 2:32 a.m. This repo has been linked 216 different CVEs too.

None

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : May 30, 2025, 2:59 a.m. This repo has been linked 213 different CVEs too.

None

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : May 29, 2025, 11:26 a.m. This repo has been linked 1 different CVEs too.

None

Updated: 1 week, 1 day ago
0 stars 0 fork 0 watcher
Born at : May 29, 2025, 9:37 a.m. This repo has been linked 1 different CVEs too.

None

Go PHP JavaScript Groovy Java Python VBScript

Updated: 3 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : May 8, 2025, 10:43 a.m. This repo has been linked 5 different CVEs too.

None

HTML

Updated: 3 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : May 6, 2025, 2:20 a.m. This repo has been linked 201 different CVEs too.

None

Updated: 3 months, 4 weeks ago
0 stars 0 fork 0 watcher
Born at : April 17, 2025, 1:28 p.m. This repo has been linked 10 different CVEs too.

wy876

Python

Updated: 1 month, 4 weeks ago
8 stars 2 fork 2 watcher
Born at : April 11, 2025, 4:25 a.m. This repo has been linked 209 different CVEs too.

This thesis project focuses on the creation of an autonomous agent that is capable of understanding CVE description and create from its interpretation a vulnerable Docker container, which can then be used to gather attack patterns data. The Docker creation process is benchmarked in order to understand how well the agent is performing its tasks.

Dockerfile HTML Python Shell Groovy PHP Java SaltStack JavaScript CSS

Updated: 2 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : April 1, 2025, 1:35 p.m. This repo has been linked 115 different CVEs too.

None

Updated: 4 months, 4 weeks ago
2 stars 0 fork 0 watcher
Born at : March 27, 2025, 5:03 p.m. This repo has been linked 2 different CVEs too.

wy876 POC | wy876的poc仓库已删库,该项目为其仓库镜像

Updated: 1 month, 1 week ago
349 stars 196 fork 196 watcher
Born at : March 7, 2025, 10:17 a.m. This repo has been linked 201 different CVEs too.

收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1100多个poc/exp,长期更新。

Updated: 3 months, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : March 7, 2025, 2:48 a.m. This repo has been linked 142 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-22527 vulnerability anywhere in the article.

  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware

A recent investigation by VulnCheck has exposed a cryptomining campaign that has been running unnoticed for years. The threat actor behind this operation, using the Linuxsys miner, has been targeting ... Read more

Published Date: Jul 18, 2025 (1 month, 2 weeks ago)
  • The Hacker News
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Jul 17, 2025Ravie LakshmananCryptocurrency / Vulnerability Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryp ... Read more

Published Date: Jul 17, 2025 (1 month, 2 weeks ago)
  • Cybersecurity News
LockBit 4.0: A Deep Dive into the Evolving Ransomware

LockBit has been a major player in the ransomware world since 2019, known for its sophisticated tactics and significant impact on organizations across various industries. The group operates under a Ra ... Read more

Published Date: Mar 27, 2025 (5 months ago)
  • Cybersecurity News
From Confluence Vulnerability (CVE-2023-22527) to LockBit Encryption: A Rapid Attack Chain

LockBit ransom note | Image: The DFIR ReportSecurity researchers at The DFIR Report have uncovered a highly coordinated attack that leveraged a critical remote code execution (RCE) vulnerability in Co ... Read more

Published Date: Feb 25, 2025 (6 months, 1 week ago)
  • Cyber Security News
Wireshark 4.4.4 Released With Fix for Vulnerability That Triggers DoS Attack

The Wireshark Foundation has released version 4.4.4 of its widely used network protocol analyzer, addressing a high-severity vulnerability that could allow attackers to trigger denial-of-service (DoS) ... Read more

Published Date: Feb 24, 2025 (6 months, 1 week ago)
  • Cyber Security News
Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware

A sophisticated ransomware attack leveraging a critical Atlassian Confluence vulnerability (CVE-2023-22527, CVSS 10.0) has been uncovered, culminating in the deployment of LockBit Black ransomware acr ... Read more

Published Date: Feb 24, 2025 (6 months, 1 week ago)
  • TheCyberThrone
Most Exploited Vulnerabilities in 2024 Top 20 Analysis

In 2024, the cybersecurity landscape saw a significant number of exploited vulnerabilities, highlighting the ongoing challenges organizations face in protecting their systems and data.Some key trends ... Read more

Published Date: Dec 22, 2024 (8 months, 1 week ago)
  • Cybersecurity News
Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit

CleverSoar Attack Flow | Image: Rapid7Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese and Viet ... Read more

Published Date: Nov 29, 2024 (9 months ago)
  • Cybersecurity News
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPNs & Servers

Campaign Alpha overview | Image: Trend MicroIn a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEm ... Read more

Published Date: Nov 27, 2024 (9 months ago)
  • Cybersecurity News
Critical Vulnerabilities in QNAP Notes Station 3: Update Now to Protect Your Data

QNAP has issued a security advisory regarding multiple critical vulnerabilities in Notes Station 3, a popular application for managing and sharing notes on QNAP devices. These vulnerabilities, with CV ... Read more

Published Date: Nov 26, 2024 (9 months, 1 week ago)
  • Cybersecurity News
Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS (CVE-2024-5083) Flaws

Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used by organizations worldwide to store and distribute software artifacts, warning users ... Read more

Published Date: Nov 18, 2024 (9 months, 2 weeks ago)
  • security.nl
Amerikaanse ziekenhuizen gewaarschuwd voor Godzilla webshell

Het Amerikaanse ministerie van Volksgezondheid heeft ziekenhuizen en andere medische instellingen gewaarschuwd voor de 'Godzilla webshell' die bij aanvallen wordt ingezet en lastig te detecteren is (p ... Read more

Published Date: Nov 13, 2024 (9 months, 2 weeks ago)
  • Cybersecurity News
Frag Ransomware: A New Threat Exploits Veeam Vulnerability (CVE-2024-40711)

The Frag ransom note | Image: SophosSophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newl ... Read more

Published Date: Nov 11, 2024 (9 months, 3 weeks ago)
  • Cybersecurity News
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining

Attach chain | Image: Trend MicroIn a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim r ... Read more

Published Date: Oct 30, 2024 (10 months ago)
  • Trend Micro
Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Cyber Threats In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. ... Read more

Published Date: Oct 30, 2024 (10 months ago)
  • Cybersecurity News
Cryptojacking Alert: Hackers Exploit gRPC and HTTP/2 to Deploy Miners

Attack chain | Image: Trend MicroTrend Micro researchers have uncovered a new and unconventional method used by cybercriminals to deploy the SRBMiner cryptominer on Docker remote API servers. This att ... Read more

Published Date: Oct 23, 2024 (10 months, 1 week ago)
  • Cybersecurity News
LemonDuck Exploits EternalBlue Vulnerability for Cryptomining Attacks

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of the LemonDuck malware, which is now exploiting the EternalBlue vulnerability (CVE-2017-0144) i ... Read more

Published Date: Oct 08, 2024 (10 months, 3 weeks ago)
  • Cybersecurity News
Linux Servers Under Siege: “Perfctl” Malware Evades Detection for Years

The entire attack flow | Image: Aqua NautilusIn a recent report by Aqua Nautilus researchers Assaf Morag and Idan Revivo, the Linux server community has been alerted to the presence of a particularly ... Read more

Published Date: Oct 03, 2024 (10 months, 4 weeks ago)
  • Cybersecurity News
Critical Security Flaws in Camaleon CMS Put Web Servers at Risk – Users Urged to Upgrade Immediately

In a significant development for website owners and administrators using Camaleon CMS, a critical security update has been released to address several vulnerabilities, some of which are already being ... Read more

Published Date: Sep 21, 2024 (11 months, 1 week ago)
  • Cybersecurity News
Ransomware Groups Exploit Veeam Flaw CVE-2023-27532 in Nigerian Cyber Infrastructure

The Nigeria Computer Emergency Response Team (ngCERT) has issued an urgent alert warning of ransomware groups actively targeting critical systems across Nigeria. The alert focuses on a high-severity v ... Read more

Published Date: Sep 20, 2024 (11 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2023-22527 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Feb. 09, 2025

    Action Type Old Value New Value
    Changed Reference Type https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527 No Types Assigned https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527 Exploit
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html
    Added Reference https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615
    Added Reference https://jira.atlassian.com/browse/CONFSERVER-93833
    Added Reference https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527
  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 03, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-74
  • Modified Analysis by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html No Types Assigned http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type https://jira.atlassian.com/browse/CONFSERVER-93833 Permissions Required https://jira.atlassian.com/browse/CONFSERVER-93833 Issue Tracking, Vendor Advisory
    Changed CPE Configuration OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.7.0 up to (excluding) 8.7.1 OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jan. 26, 2024

    Action Type Old Value New Value
    Added Reference Atlassian http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html [No types assigned]
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jan. 25, 2024

    Action Type Old Value New Value
    Added Vulnerability Name Atlassian Confluence Data Center and Server Template Injection Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Due Date 2024-02-14
    Added Date Added 2024-01-24
  • Initial Analysis by [email protected]

    Jan. 24, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 No Types Assigned https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 Vendor Advisory
    Changed Reference Type https://jira.atlassian.com/browse/CONFSERVER-93833 No Types Assigned https://jira.atlassian.com/browse/CONFSERVER-93833 Permissions Required
    Added CWE NIST CWE-74
    Added CPE Configuration OR *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4 *cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* versions from (including) 8.7.0 up to (excluding) 8.7.1
    Added CPE Configuration OR *cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.5.4
  • CVE Modified by [email protected]

    Jan. 16, 2024

    Action Type Old Value New Value
    Changed Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server|8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server|8.5.4 (LTS)|8.5.5 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|8.7.2 or later (Data Center Only)| For additional details, please see full advisory. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
  • CVE Modified by [email protected]

    Jan. 16, 2024

    Action Type Old Value New Value
    Changed Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS) |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only) For additional details, please see full advisory. Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server|8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server|8.5.4 (LTS)|8.5.5 (LTS)| |Confluence Data Center|8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|8.7.2 or later (Data Center Only)| For additional details, please see full advisory.
  • CVE Received by [email protected]

    Jan. 16, 2024

    Action Type Old Value New Value
    Added Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff} Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. {panel} Affected Versions ||Product||Affected Versions|| |Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Fixed Versions ||Product||Fixed Versions|| |Confluence Data Center and Server|8.5.4 (LTS)| |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| What You Need To Do Immediately patch to a fixed version Atlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin. ||Product||Fixed Versions||Latest Versions|| |Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS) |Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only) For additional details, please see full advisory.
    Added Reference Atlassian https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 [No types assigned]
    Added Reference Atlassian https://jira.atlassian.com/browse/CONFSERVER-93833 [No types assigned]
    Added CVSS V3 Atlassian AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Base CVSS Score: 10
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

94.36 }} -0.05%

score

0.99951

percentile