A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Published 2024-01-16 05:15:08
Updated 2024-08-14 15:23:21
Source Atlassian
View at NVD,   CVE.org

Products affected by CVE-2023-22527

CVE-2023-22527 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Atlassian Confluence Data Center and Server Template Injection Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Notes:
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527
Added on 2024-01-24 Action due date 2024-02-14

Exploit prediction scoring system (EPSS) score for CVE-2023-22527

97.28%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-22527

  • Atlassian Confluence SSTI Injection
    Disclosure Date: 2024-01-16
    First seen: 2024-01-26
    exploit/multi/http/atlassian_confluence_rce_cve_2023_22527
    This module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

CVSS scores for CVE-2023-22527

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
CRITICAL CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.9
6.0
Atlassian 2024-01-16
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST 2024-01-24

CWE ids for CVE-2023-22527

References for CVE-2023-22527

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!