Remote Code Execution Vulnerability in Atlassian Confluence Data Center
CVE-2023-22526

8.8HIGH

Key Information:

Vendor: Atlassian
Status: Confluence Data Center
Vendor: CVE Published:; 16 January 2024

Summary

A significant Remote Code Execution (RCE) vulnerability exists in specific versions of Atlassian Confluence Data Center, which allows authenticated attackers to execute arbitrary code without requiring user interaction. This vulnerability poses substantial risks to the confidentiality, integrity, and availability of affected systems. Users are strongly advised to upgrade to the latest versions or the specified fixed releases to mitigate potential threats. More information on the latest upgrades can be found through the Atlassian release notes.

Affected Version(s)

Confluence Data Center >= 7.13.0 < 7.13.0

Confluence Data Center >= 7.19.0 >= 7.19.0

Confluence Data Center >= 8.0.0 >= 8.0.0

References

https://confluence.atlassian.com/pages/viewpage.action?pa...

https://jira.atlassian.com/browse/CONFSERVER-93516

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Jan 1, 2023

Credit

m1sn0w