CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2023-22527

CVSS 9.8v3.1pub. 2024-01-16upd. 2025-10-24

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

🤖 AI Analysis
How it works

An attacker without any authentication can inject a malicious payload into the template engine used by Confluence. The vulnerability classified as CWE-74 (injection) allows embedding and executing arbitrary code on the server side through a crafted HTTP request. The vulnerability affects older versions of the product — newer versions are not affected because the issue was removed during regular updates.

Impact

An unauthenticated attacker can take full control of the Confluence server, gaining the ability to read and modify data, as well as execute arbitrary system commands in the context of the application process.

Mitigation & patch

Confluence Data Center and Server must be immediately updated to the latest supported version according to vendor references available at: https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615. Atlassian recommends installing the latest version to protect against this and other vulnerabilities.

Who is affected

Older versions of Atlassian Confluence Data Center and Atlassian Confluence Server — specific version numbers indicated in vendor references (Atlassian security bulletin from January 2024).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Confluence Data Center

    APP
    Atlassian
    8.7.08.0.0 – 8.5.4 (bez)
  • Atlassian Confluence Server

    APP
    Atlassian
    8.0.0 – 8.5.4 (bez)

CISA KEV — detailsi

Vendori
Atlassian
Producti
Confluence Data Center and Server
Added to KEVi
January 24, 2024
Remediation deadline (US Federal)i
February 14, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 14 lutego 2024
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-22518CRITICAL9.8⚠ KEVten sam produkt

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Imprope...

CVE-2023-22515CRITICAL9.8⚠ KEVten sam produkt

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have...

CVE-2022-26138CRITICAL9.8⚠ KEVten sam produkt

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user acc...

CVE-2022-26134CRITICAL9.8⚠ KEVten sam produkt

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...

CVE-2021-26084CRITICAL9.8⚠ KEVten sam produkt

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...