Critical RCE Vulnerability in Atlassian Confluence Data Center and Confluence Server

Template injection vulnerability CVE-2023-22522 could lead to remote code execution

Threat details

Introduction

Atlassian has released an advisory to address a security vulnerability that affects Confluence Server and Confluence Data Center. CVE-2023-22522 is a template injection vulnerability with a CVSSv3 score of 9.0. A remote, authenticated attacker, including one with anonymous access, could exploit this vulnerability by injecting unsafe user input into a Confluence page, potentially leading to remote code execution (RCE).

Potential Exploitation of Confluence

Atlassian Confluence instances are often externally facing by design and present an attractive target for exploitation by nation state and cyber criminal threat groups. Confluence vulnerabilities have been heavily targeted in the past, with exploits developed rapidly after disclosure and leading to exploitation in the wild.


Remediation advice

Affected organisations must review Atlassian's advisory, "CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server", and apply the relevant updates as soon as practicable.
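The first step in applying that advice is knowing which Confluence versions are deployed. The script below is an added example (not code from Atlassian or from this alert) that reads the running version out of a saved Confluence page and compares it against the fixed releases on each major.minor line. It assumes the page markup carries a `<meta name="ajs-version-number" ...>` tag, as Confluence Server and Data Center pages normally do, and the fixed-version list it uses is a labelled placeholder: take the real fixed versions from Atlassian's advisory, since this alert does not list them.

```python
import re
from typing import Iterable, Optional, Tuple

# Assumption: Confluence Server/Data Center pages expose the running version in a
# meta tag named "ajs-version-number". Confirm this against your own instance.
VERSION_META_RE = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', re.IGNORECASE
)

# PLACEHOLDER fixed versions for demonstration only. These are NOT the real fixed
# releases for CVE-2023-22522; copy the list from Atlassian's advisory.
PLACEHOLDER_FIXED = ["8.5.5", "8.6.1"]

# Constructed sample pages standing in for HTML fetched from two instances.
SAMPLE_OLD = '<html><head><meta name="ajs-version-number" content="8.5.1"></head></html>'
SAMPLE_NEW = '<html><head><meta name="ajs-version-number" content="8.5.9"></head></html>'


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.5.3' into (8, 5, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.strip().split("."))


def extract_version(html: str) -> Optional[str]:
    """Return the version string from the page markup, or None if the tag is absent."""
    match = VERSION_META_RE.search(html)
    return match.group(1) if match else None


def assess(html: str, fixed_versions: Iterable[str]) -> str:
    """Classify an instance as 'patched', 'unpatched', 'review' or 'unknown'.

    'review' means the running version sits on a major.minor line that has no
    entry in the fixed list, so it needs a human to check the advisory; this
    fails closed rather than silently reporting such hosts as safe.
    """
    running = extract_version(html)
    if running is None:
        return "unknown"
    run = parse_version(running)
    for fixed in fixed_versions:
        fix = parse_version(fixed)
        if run[:2] == fix[:2]:          # same major.minor line as a fixed release
            return "patched" if run >= fix else "unpatched"
    return "review"


if __name__ == "__main__":
    for label, page in (("old-instance", SAMPLE_OLD), ("new-instance", SAMPLE_NEW)):
        print(f"{label}: version={extract_version(page)} status={assess(page, PLACEHOLDER_FIXED)}")
```

In practice the `html` input would come from an HTTP GET of each instance's login page; the comparison logic is the part worth keeping, and any host that returns "review" or "unknown" should be checked by hand against the advisory rather than assumed safe.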



Last edited: 13 December 2023 10:51 am