Confluence Data Center and Server has a template injection vulnerability [CVE-2023-22527] that allows an unauthenticated attacker to achieve remote code execution (RCE) on an affected instance.
Affected versions:
Out-of-date Confluence Data Center and Server versions released before Dec. 5, 2023 as well as 8.4.5, which no longer receives backported fixes in accordance with our Security Bug Fix Policy, are affected.
- 8.0.x
- 8.1.x
- 8.2.x
- 8.3.x
- 8.4.x
- 8.5.0-8.5.3
Does not impact:
- Cloud instances.
- Most recent, supported versions of Confluence Data Center and Server are not affected, as the vulnerability was ultimately mitigated during regular version updates.
Severity: CVSS score 10 (Critical)
See the resource center.
Status
There are multiple historical vulnerability detection capabilities for Confluence Server.
We are developing full capability for detecting CVE-2023-22527. In the meantime, use CVE-2023-22515 as a proxy for detection.