Security Advisory: Remote Code Execution Vulnerability in Confluence Data Center and Confluence Server

Remote Code Execution Vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server

Overview

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-22527 (CVSS v3: 10.0). This is a template injection vulnerability that allows an unauthenticated attacker to achieve remote code execution on an affected Confluence instance.

Notably, Atlassian Cloud sites are not affected by this vulnerability: sites hosted by Atlassian and accessed via an atlassian.net domain are not susceptible to this issue.

At the time of writing, CTRL is not aware of any active exploitation of CVE-2023-22527. Because the flaw is exploitable without authentication, internet-exposed instances should nonetheless be treated as a patching priority.

Affected Versions

The RCE vulnerability affects Confluence Data Center and Server versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3. Put another way, the affected versions are the Confluence 8 releases published before 5 December 2023, plus 8.4.5.

Recommended Remediations

There are no known workarounds. CTRL recommends upgrading to the latest available release, and at minimum to one of the following fixed versions:

  • Confluence Data Center and Server: Version 8.5.5 (LTS)
  • Confluence Data Center: Version 8.7.2 (Data Center Only)
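The following script is an added example (not Atlassian's or CTRL's own tooling) that turns the affected and fixed version lists above into a check you can run against a version string pulled from an instance. The affected ranges and recommended versions are taken from this advisory; the two HTML markers it looks for to extract a version (an `ajs-version-number` meta tag and a "Powered by Atlassian Confluence" footer) are assumptions about Confluence page markup, and the sample page it parses is constructed here, so confirm the markers against your own instance.

```python
"""Classify a Confluence Data Center / Server version against the
CVE-2023-22527 affected ranges and recommended fixed versions.

Added example, not Atlassian's or CTRL's code. Affected ranges and fixed
versions come from the advisory text; the HTML markers used to pull a
version out of a page are assumptions about Confluence's markup.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Assumed markup: Confluence pages carry a version meta tag and a footer line.
META_RE = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"')
FOOTER_RE = re.compile(r"Powered by Atlassian Confluence\s+(\d+\.\d+(?:\.\d+)?)")


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a comparable tuple; patch defaults to 0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> bool:
    """True only for versions the advisory lists as affected:
    8.0.x through 8.4.x (every patch level, so 8.4.5 included) and 8.5.0-8.5.3."""
    major, minor, patch = parse_version(version)
    if major != 8:
        return False  # the advisory lists only 8.x ranges
    if 0 <= minor <= 4:
        return True
    if minor == 5:
        return patch <= 3  # 8.5.4 and later are past the affected range
    return False  # 8.6.x / 8.7.x are not in the affected list


def assess(version: str) -> str:
    """Map a version to an action, using the advisory's recommended fixes."""
    v = parse_version(version)
    if is_affected(version):
        return "affected: upgrade to 8.5.5 (LTS) or 8.7.2 (Data Center only)"
    if (8, 5, 5) <= v < (8, 6, 0) or v >= (8, 7, 2):
        return "at or above a recommended fixed version"
    # e.g. 8.5.4, 8.6.x, 8.7.0/8.7.1, or a 7.x LTS: outside the listed ranges,
    # but not one of the versions this advisory recommends, so double-check.
    return "not in the advisory's affected list; verify against Atlassian's fixed-version table"


def extract_version(html: str) -> Optional[str]:
    """Pull the version string out of a fetched page, meta tag first, footer second."""
    for rx in (META_RE, FOOTER_RE):
        m = rx.search(html)
        if m:
            return m.group(1)
    return None


# Constructed sample of what a Confluence login page might contain (not a real capture).
SAMPLE_LOGIN_PAGE = """<html><head>
<meta name="ajs-version-number" content="8.5.3">
<title>Log In - Confluence</title>
</head><body>
<footer>Powered by Atlassian Confluence 8.5.3</footer>
</body></html>"""


if __name__ == "__main__":
    found = extract_version(SAMPLE_LOGIN_PAGE)
    print(f"detected version: {found} -> {assess(found) if found else 'version not found'}")
    for candidate in ("8.4.5", "8.5.3", "8.5.4", "8.5.5", "8.6.0", "8.7.2"):
        print(f"{candidate:>6}: {assess(candidate)}")
```

In practice you would feed `extract_version` the body of an HTTP GET against the instance's login page instead of the constructed sample; the classification logic is deliberately conservative, reporting "affected" only for the ranges this advisory names and flagging anything else that is not one of the two recommended releases for manual confirmation.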

For full details, refer to Atlassian's own security advisory for CVE-2023-22527.
