Atlassian is urging customers to update Confluence Data Center and Server to protect against a critical vulnerability that can lead to remote code execution (RCE).
The flaw, tracked as CVE-2023-22527 and carrying the maximum CVSS score of 10.0, is a template injection vulnerability in out-of-date versions of Confluence Data Center and Server.
An unauthenticated attacker who exploits it can achieve RCE on an affected instance.
The vulnerability has a high impact on all three elements of the CIA triad: confidentiality, integrity and availability.
Threat actors have exploited Atlassian products before: CISA added an earlier Confluence Data Center and Server vulnerability to its Known Exploited Vulnerabilities Catalog in November 2023, and Atlassian's CISO had issued a warning about that earlier flaw in October 2023.
In late November 2023, the company fixed a set of RCE vulnerabilities in Bamboo and Crowd Data Center and Server that posed significant security risks.
In December, CISA urged immediate action on a further set of critical vulnerabilities across several Atlassian products.
Given how widely Atlassian products are deployed in enterprise environments, CVE-2023-22527 is likely to attract the attention of threat actors.
Affected Confluence Data Center and Server versions for CVE-2023-22527 include:
- 8.5.0 – 8.5.3
- 8.4.5, which no longer receives backported fixes
According to Atlassian's advisory, the most recent supported versions are not affected. The issue affects out-of-date Confluence Data Center and Server 8 releases published before December 5, 2023, so the list above is not exhaustive: check the advisory for your exact release and upgrade any affected instance to a fixed version (8.5.4 or later on the 8.5 LTS line).
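To turn the affected-version list above into something an inventory script can act on, here is an added example (not Atlassian's code and not part of the original article). It encodes only the ranges the article names (8.5.0 through 8.5.3, plus 8.4.5), so a version outside those ranges is reported as "not listed", not as safe; extend `AFFECTED_RANGES` from the advisory for other 8.x lines. The sample page below is constructed, and the assumption that Confluence exposes its version in a `<meta name="ajs-version-number">` tag is ours; verify it against your own instance before relying on it.

```python
"""Offline check of a Confluence Data Center/Server version against the
affected ranges quoted in the article for CVE-2023-22527.

Added example, not Atlassian's code. Assumptions:
- AFFECTED_RANGES holds only the ranges the article lists;
- Confluence pages expose the version in a <meta name="ajs-version-number">
  tag (assumed; checked here only on a constructed sample page).
"""
import re
from typing import Optional, Tuple

# Inclusive (low, high) ranges taken from the article. Extend from the
# advisory if your deployment runs another 8.x line.
AFFECTED_RANGES = [
    ((8, 5, 0), (8, 5, 3)),
    ((8, 4, 5), (8, 4, 5)),  # 8.4.5 no longer receives backported fixes
]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
META_RE = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', re.I)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a string such as '8.5.3'.

    Trailing qualifiers ('8.5.3-rc1') are ignored; input that does not start
    with three dotted integers yields None rather than raising.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the listed inclusive ranges."""
    v = parse_version(version)
    if v is None:
        return False
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def version_from_html(html: str) -> Optional[str]:
    """Extract the version from the (assumed) ajs-version-number meta tag."""
    m = META_RE.search(html)
    return m.group(1) if m else None


# Constructed sample of the head of a Confluence page; not a captured response.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<meta name="ajs-version-number" content="8.5.3">
<title>Dashboard - Confluence</title></head><body></body></html>"""


def check_page(html: str) -> str:
    """One-line verdict for a fetched page, suitable for an inventory script."""
    ver = version_from_html(html)
    if ver is None:
        return "unknown: no ajs-version-number meta tag found"
    if is_affected(ver):
        return f"Confluence {ver}: AFFECTED by CVE-2023-22527"
    return f"Confluence {ver}: not in the listed ranges (confirm against the advisory)"


if __name__ == "__main__":
    print(check_page(SAMPLE_HTML))
```

Comparing versions as integer tuples, rather than as strings, is what keeps 8.5.10 from sorting below 8.5.3; the parser deliberately returns `None` on anything it cannot read so that a malformed or missing version shows up as "unknown" in the inventory instead of being silently treated as unaffected.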