Template Injection Vulnerability in Atlassian Confluence Server and Data Center
CVE-2023-22522
Key Information:
- Vendor: Atlassian
- CVE Published: 6 December 2023
Summary
A Template Injection vulnerability exists in Atlassian Confluence which allows an authenticated user, even with anonymous access, to inject harmful user input into Confluence pages. This can lead to Remote Code Execution (RCE), putting affected instances at risk. Notably, Confluence Data Center and Server versions are susceptible, while Atlassian Cloud sites are not impacted by this issue. Administrators should evaluate their environments and apply the necessary patches as per the provided advisory for enhanced security.
Affected Version(s)
Confluence Data Center >= 4.0.0 < 4.0.0
Confluence Data Center >= 7.20.0 >= 7.20.0
Confluence Data Center >= 8.0.0 >= 8.0.0
News Articles
Thousands of exploit attempts reported on critical Atlassian Confluence RCE
Security researchers say they recorded several thousand exploit attempts on Atlassian Confluence RCE originating from more than 600 unique IP addresses.
1 year ago
Atlassian Confluence vulnerability enables remote code execution
The critical bug, given a maximum CVSS score of 10 by Atlassian, requires an urgent update to the fixed version to avoid exploitation.
1 year ago
Confluence Remote Code Execution Vulnerability (CVE-2023-22527) Alert
Overview On January 16, NSFOCUS CERT detected that Atlassian officially released a security announcement fixing the remote code execution vulnerability (CVE-2023-22522) in Confluence Data Center and Confluence Server. This vulnerability is caused by template injection. Unauthenticated attackers can ...
1 year ago
Timeline
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved