Template Injection Vulnerability in Atlassian Confluence Server and Data Center
CVE-2023-22522
Key Information:
- Vendor: Atlassian
- CVE Published: 6 December 2023
Summary
A Template Injection vulnerability in Atlassian Confluence allows an authenticated attacker, including one with only anonymous access, to inject unsafe user input into a Confluence page. An attacker can use this to achieve Remote Code Execution (RCE) on an affected instance. Confluence Data Center and Server are affected; Atlassian Cloud sites are not. Administrators should identify affected instances in their environment and upgrade to the fixed versions given in the Atlassian advisory.
Affected Version(s)
- Confluence Data Center >= 4.0.0
- Confluence Data Center >= 7.20.0
- Confluence Data Center >= 8.0.0
The fixed release for each branch is not listed on this page; take it from the Atlassian advisory.
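The summary asks administrators to evaluate their environments, and the list above gives only the floors of the affected ranges. The following Python helper is an added example, not code from this page or from Atlassian: it reads the version a Confluence instance advertises in its page HTML and places it against those floors. It assumes the `ajs-version-number` meta tag is present, as it is on typical Confluence page HTML; the sample login page is constructed here so the block runs offline. Because fixed versions are not stated on this page, the helper takes them as an operator-supplied mapping copied from the advisory, and without that mapping it only reports that the version falls in an affected range.

```python
"""Triage helper for CVE-2023-22522: extract the advertised Confluence
version and compare it with the affected-version floors listed on this page.
Example code, not Atlassian's; fixed releases must come from the advisory."""
import re
from html.parser import HTMLParser
from typing import Dict, Optional, Tuple

# Constructed sample of the HTML a Confluence login page returns. In a real
# check, replace this with the body fetched from https://<host>/login.action.
SAMPLE_LOGIN_HTML = """<!DOCTYPE html><html><head>
<meta name="ajs-version-number" content="8.5.3">
<meta name="ajs-build-number" content="9012">
<title>Log In - Confluence</title></head><body></body></html>"""

# Lower bounds of the affected ranges as given on this page.
AFFECTED_FLOORS = ("4.0.0", "7.20.0", "8.0.0")


class _VersionMeta(HTMLParser):
    """Pull the content of <meta name="ajs-version-number"> out of the page."""

    def __init__(self) -> None:
        super().__init__()
        self.version: Optional[str] = None

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "meta":
            a = dict(attrs)
            if a.get("name") == "ajs-version-number":
                self.version = a.get("content")


def extract_version(html: str) -> Optional[str]:
    """Return the advertised version string, or None if the tag is absent."""
    p = _VersionMeta()
    p.feed(html)
    return p.version


def parse_version(v: str) -> Tuple[int, int, int]:
    """'8.5.3' -> (8, 5, 3); a missing patch component is treated as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version: {v!r}")
    return tuple(int(x or 0) for x in m.groups())  # type: ignore[return-value]


def classify(version: str, fixed_by_branch: Optional[Dict[str, str]] = None) -> str:
    """Place a version against the affected floors.

    fixed_by_branch maps 'major.minor' to the fixed release for that branch,
    copied by the operator from the vendor advisory (e.g. {"8.5": "8.5.x"}).
    Without it the result is limited to 'in affected range'.
    """
    parsed = parse_version(version)
    floors = sorted(parse_version(f) for f in AFFECTED_FLOORS)
    if parsed < floors[0]:
        return f"below affected floor {AFFECTED_FLOORS[0]}"
    floor = max(f for f in floors if f <= parsed)
    floor_str = ".".join(str(n) for n in floor)
    branch = f"{parsed[0]}.{parsed[1]}"
    if fixed_by_branch and branch in fixed_by_branch:
        fixed = fixed_by_branch[branch]
        if parsed >= parse_version(fixed):
            return f"patched (at or above {fixed})"
        return f"vulnerable (below {fixed})"
    return (f"in affected range (floor {floor_str}); compare against the "
            f"advisory's fixed release for branch {branch}")


if __name__ == "__main__":
    found = extract_version(SAMPLE_LOGIN_HTML)
    print(f"advertised version: {found}")
    print(classify(found))
```

In practice, run `extract_version` over the fetched login page of each instance in your inventory, and pass `classify` the per-branch fixed releases from the advisory so the result distinguishes patched from vulnerable rather than stopping at "in affected range".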
News Articles

Atlassian fixes critical RCE vulnerabilities in its products
Atlassian has fixed four critical vulnerabilities in its software that could result in remote code execution. The first, CVE-2022-1471 with a CVSS score of 9.8, is a deserialization vulnerability in the SnakeYAML library that can lead to remote code execution in multiple products. The se...
Thousands of exploit attempts reported on critical Atlassian Confluence RCE
Security researchers say they recorded several thousand exploit attempts against the Atlassian Confluence RCE, originating from more than 600 unique IP addresses.
Atlassian Confluence vulnerability enables remote code execution
The critical bug, given a maximum CVSS score of 10 by Atlassian, requires an urgent update to the fixed version to avoid exploitation.
EPSS Score
34% chance of being exploited in the next 30 days.
Timeline
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability reserved