Unauthorized Remote Code Execution Vulnerability Affects Older Versions of Confluence
CVE-2023-22527
Key Information:
- Vendor: Atlassian
- CVE Published: 16 January 2024
What is CVE-2023-22527?
CVE-2023-22527 is a serious vulnerability found in older versions of the Confluence Data Center and Server software, developed by Atlassian. Confluence is widely used for collaboration, documentation, and project management within organizations. This vulnerability allows an unauthenticated attacker to perform Remote Code Execution (RCE), which can lead to a full system compromise. Organizations using vulnerable versions of Confluence may face significant security risks, including unauthorized access to sensitive data and disruption of services.
Technical Details
The vulnerability is a template injection flaw that exists in older instances of Confluence Data Center and Server. The flaw enables attackers to manipulate the application's template rendering process. Successful exploitation results in unauthorized remote execution of code, granting attackers control over affected systems. The most recent supported versions of the software have been patched against this vulnerability through regular updates, so Confluence users should ensure their software is updated to the latest supported version to avoid potential risks.
Impact of the Vulnerability
- Unauthorized Remote Code Execution: The fundamental risk associated with CVE-2023-22527 is the ability for attackers to execute arbitrary code remotely, compromising the integrity and confidentiality of the affected systems.
- Data Breaches: Given that Confluence is often used to store sensitive information, successful exploitation can lead to unauthorized access to and exfiltration of confidential data, which can severely impact an organization’s reputation and compliance standing.
- Service Disruption: Attackers could leverage this vulnerability to disrupt services, leading to downtime and loss of productivity. Such disruptions can harm stakeholder trust and result in financial losses.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities; it has identified this one as being exploited in the wild and as known to enable ransomware campaigns.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Confluence Data Center >= 8.0.0 < 8.0.0
Confluence Data Center >= 8.1.0 >= 8.1.0
Confluence Data Center >= 8.2.0 >= 8.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Atlassian Confluence vulnerability CVE-2023-22527 actively exploited for cryptocurrency mining. Urgent patching recommended to prevent attacks.
5 months ago
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
Trend Micro discovered that old Atlassian Confluence versions affected by CVE-2023-22527 are being exploited using a new in-memory fileless...
5 months ago
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
5 months ago
References
EPSS Score
97% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 🦅 CISA Reported
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 👾 Exploit known to exist
- 📈 Vulnerability started trending
- 📰 First article discovered by Bleeping Computer
- Vulnerability published
- Vulnerability Reserved