Vulnerability Details : CVE-2023-22527
Public exploit exists!
Used for ransomware!
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.
Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Products affected by CVE-2023-22527
- cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*
CVE-2023-22527 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Atlassian Confluence Data Center and Server Template Injection Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Notes:
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527
Added on
2024-01-24
Action due date
2024-02-14
Exploit prediction scoring system (EPSS) score for CVE-2023-22527
97.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-22527
-
Atlassian Confluence SSTI Injection
Disclosure Date: 2024-01-16First seen: 2024-01-26exploit/multi/http/atlassian_confluence_rce_cve_2023_22527This module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.
CVSS scores for CVE-2023-22527
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
Atlassian | 2024-01-16 |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-01-24 |
CWE ids for CVE-2023-22527
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-22527
-
https://jira.atlassian.com/browse/CONFSERVER-93833
Log in to continue - Log in with Atlassian accountIssue Tracking;Vendor Advisory
-
http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html
Atlassian Confluence SSTI Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615
Log in to continue - Log in with Atlassian accountVendor Advisory
Jump to