Atlassian Confluence Data Center and Server Template Injection [CVE-2023-22527]

Author: Ingrid

Confluence Data Center and Server has a template injection vulnerability [CVE-2023-22527] that allows an unauthenticated attacker to achieve remote code execution (RCE) on an affected instance.

Affected versions

Out-of-date Confluence Data Center and Server versions released before Dec. 5, 2023 are affected, as is 8.4.5, which no longer receives backported fixes in accordance with Atlassian's Security Bug Fix Policy:

- 8.0.x
- 8.1.x
- 8.2.x
- 8.3.x
- 8.4.x
- 8.5.0 through 8.5.3

Not affected

Cloud instances are not affected. The most recent supported versions of Confluence Data Center and Server are not affected, as the vulnerability was mitigated during regular version updates.

Severity

CVSS score 10 (Critical)

What to do

Atlassian recommends patching immediately to the latest version. Use Vulnerability Detection to search for "CVE-2023-22527".

Navigation options:

- Continuous Monitoring: Vulnerability Detection
- Cyber Insurance: Vulnerability Detection
- SPM App: Findings ➔ Vulnerability Detection

Take immediate action and install the latest version to protect affected instances from the non-critical vulnerabilities outlined in the Atlassian January Security Bulletin as well.

Resources

- Atlassian, "FAQ for CVE-2023-22527"
- Atlassian, "January 2024 Security Bulletin"
- NIST, "CVE-2023-22527 Detail"

Article history

- October 28, 2024: Vulnerability Detection in the SPM app moved from Risks to Findings.
- January 26, 2024: Vulnerability Detection available.
- January 25, 2024: Published.