Atlassian Security Update – 22 January 2024

Atlassian has released a security update to address a critical vulnerability in out-of-date versions of Atlassian Confluence Data Center and Server (8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3).

The vulnerability is a template injection weakness that could allow an unauthenticated remote attacker to execute arbitrary code and gain access to the affected system.

Atlassian Confluence Data Center and Atlassian Confluence Server Code Execution Vulnerability (CVE-2023-22527):

  • CVSS: 10
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

Security researchers have found that a public exploit for CVE-2023-22527 exists in the wild.

Vulnerabilities

CVE-2023-22527

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Atlassian Security Update
