CVE-2023-22527 - Atlassian Confluence Data Center and Server Template Injection Vulnerability
Project: Atlassian
Product: Confluence Data Center and Server
Date Added: 2024-01-24
Due Date: 2024-02-14
Vulnerability Name
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Description
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
https://nvd.nist.gov/vuln/detail/CVE-2023-22527
Related News Articles
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw - September 13, 2024
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns - August 30, 2024