Critical RCE Flaw in Confluence Data Center and Server Created

A critical security vulnerability has been identified in Confluence Data Center and Confluence Server, known as CVE-2023-22527.

This vulnerability is rated at the highest severity level (CVSS 10) due to its potential for allowing unauthenticated attackers to execute arbitrary code on vulnerable systems.

The vulnerability stems from a template injection flaw in out-of-date versions of Confluence Data Center and Confluence Server, specifically versions 8.0.x through 8.5.3 released before December 5, 2023, as well as version 8.4.5.

Affected Systems

Affected Versions

To mitigate this risk, users of affected versions must immediately upgrade to the latest available version of Confluence Data Center or Confluence Server. Patching in place or applying workarounds is not considered an effective remedy for this vulnerability.

Product                             Affected Versions
Confluence Data Center and Server   8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3

IoCs

-

Recommended Solution(s)

-

Mitigations

Product                             Latest Version
Confluence Data Center and Server   8.5.5 (LTS)
Confluence Data Center              8.7.2 (Data Center only)

There are no known workarounds. To remediate this vulnerability, update each affected product installation to the latest version.
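As an added example (not part of this advisory or of any Atlassian tooling), the following Python helper applies the affected-version table and the upgrade targets listed above to a host inventory so an administrator can triage which installations still need the update; the hostnames and version strings are constructed sample data.

```python
"""Triage Confluence installations against the CVE-2023-22527 version table.

Added example. Affected ranges and fixed versions come from the advisory text;
the inventory below is constructed sample data, not a real deployment.
"""
import re
from typing import Dict, Optional, Tuple

# Affected per the advisory: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x (any patch level)
AFFECTED_MINORS = {(8, 0), (8, 1), (8, 2), (8, 3), (8, 4)}
# ...plus 8.5.0 through 8.5.3 (8.5.4 and later are not listed as affected)
AFFECTED_8_5_MAX_PATCH = 3

# Upgrade targets from the advisory; the 8.7.x line exists for Data Center only.
FIXED_VERSIONS = {"Server": "8.5.5", "Data Center": "8.7.2"}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """'8.5.3' -> (8, 5, 3); a missing patch component is treated as 0.
    Trailing build suffixes after the numeric part are ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected table."""
    major, minor, patch = parse_version(version)
    if (major, minor) in AFFECTED_MINORS:
        return True
    return (major, minor) == (8, 5) and patch <= AFFECTED_8_5_MAX_PATCH


def recommended_upgrade(version: str, product: str = "Server") -> Optional[str]:
    """Return the advisory's upgrade target for an affected install, else None."""
    if not is_affected(version):
        return None
    return FIXED_VERSIONS[product]


def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, Optional[str]]:
    """Map host -> upgrade target (None means not in the affected table)."""
    return {host: recommended_upgrade(ver, prod) for host, (prod, ver) in inventory.items()}


if __name__ == "__main__":
    sample = {  # constructed inventory: host -> (product, installed version)
        "wiki-a": ("Server", "8.5.3"), "wiki-b": ("Data Center", "8.4.5"),
        "wiki-c": ("Server", "8.5.4"), "wiki-d": ("Data Center", "7.19.17"),
    }
    for host, target in triage(sample).items():
        print(host, f"upgrade to {target}" if target else "not in affected table")
```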

CVE / CWE

CVE-2023-22527

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.