CVE-2023-22527

NVD Published Date: January 16, 2024 at 05:15 AM
NVD Last Modified: August 14, 2024 at 03:23 PM
Vulnerability ID: CVE-2023-22527
Severity: CRITICAL
Severity Score: 9.8
Summary
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Mitigation and Patches
-
Exploits

https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL

https://github.com/M0untainShley/CVE-2023-22527-MEMSHELL

https://github.com/Avento/CVE-2023-22527_Confluence_RCE

https://github.com/VNCERT-CC/CVE-2023-22527-confluence

https://github.com/Manh130902/CVE-2023-22527-POC

https://github.com/Vozec/CVE-2023-22527

https://github.com/RevoltSecurities/CVE-2023-22527

https://github.com/Chocapikk/CVE-2023-22527

https://github.com/thanhlam-attt/CVE-2023-22527

https://github.com/vulncheck-oss/cve-2023-22527

https://github.com/adminlove520/CVE-2023-22527

https://github.com/yoryio/CVE-2023-22527

https://github.com/C1ph3rX13/CVE-2023-22527

https://github.com/Privia-Security/CVE-2023-22527

https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html

https://github.com/sanjai-AK47/CVE-2023-22527

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html

Metasploit Payload
-
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-74
