9.8 CVE-2023-22527

CISA Kev Catalog Exploit
 

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
https://nvd.nist.gov/vuln/detail/CVE-2023-22527

Categories

CWE-74

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* >= 8.0.0 < 8.5.4
cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* >= 8.0.0 < 8.5.4


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url

Other Nist (github, ...)

Url
http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injecti...
https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-f...
http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injecti...


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry