CVE-2023-22527

Summary

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.

Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Data Center< 8.0.0unaffected
AtlassianConfluence Data Center>= 8.0.0affected
AtlassianConfluence Data Center>= 8.1.0affected
AtlassianConfluence Data Center>= 8.2.0affected
AtlassianConfluence Data Center>= 8.3.0affected
AtlassianConfluence Data Center>= 8.4.0affected
AtlassianConfluence Data Center>= 8.5.0affected
AtlassianConfluence Data Center>= 8.5.1affected
AtlassianConfluence Data Center>= 8.5.2affected
AtlassianConfluence Data Center>= 8.5.3affected
AtlassianConfluence Data Center>= 8.5.4unaffected
AtlassianConfluence Data Center>= 8.6.0unaffected
AtlassianConfluence Data Center>= 8.7.1unaffected
AtlassianConfluence Server< 8.0.0unaffected
AtlassianConfluence Server>= 8.0.0affected
AtlassianConfluence Server>= 8.1.0affected
AtlassianConfluence Server>= 8.2.0affected
AtlassianConfluence Server>= 8.3.0affected
AtlassianConfluence Server>= 8.4.0affected
AtlassianConfluence Server>= 8.5.0affected
AtlassianConfluence Server>= 8.5.1affected
AtlassianConfluence Server>= 8.5.2affected
AtlassianConfluence Server>= 8.5.3affected
AtlassianConfluence Server>= 8.5.4unaffected
AtlassianConfluence Server>= 8.6.0unaffected

Weaknesses

  • RCE (Remote Code Execution)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References