A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
An attacker without any authentication can inject a malicious payload into the template engine used by Confluence. The vulnerability classified as CWE-74 (injection) allows embedding and executing arbitrary code on the server side through a crafted HTTP request. The vulnerability affects older versions of the product — newer versions are not affected because the issue was removed during regular updates.
An unauthenticated attacker can take full control of the Confluence server, gaining the ability to read and modify data, as well as execute arbitrary system commands in the context of the application process.
Confluence Data Center and Server must be immediately updated to the latest supported version according to vendor references available at: https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615. Atlassian recommends installing the latest version to protect against this and other vulnerabilities.
Older versions of Atlassian Confluence Data Center and Atlassian Confluence Server — specific version numbers indicated in vendor references (Atlassian security bulletin from January 2024).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAtlassian Confluence Data Center
APPAtlassian8.7.08.0.0 – 8.5.4 (bez)Atlassian Confluence Server
APPAtlassian8.0.0 – 8.5.4 (bez)
CISA KEV — detailsi
- Vendori
- Atlassian ↗
- Producti
- Confluence Data Center and Server
- Added to KEVi
- January 24, 2024
- Remediation deadline (US Federal)i
- February 14, 2024(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Related vulnerabilities
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Imprope...
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have...
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user acc...
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...