CVE-2023-22527 - Atlassian Confluence Data Center and Server Template Injection Vulnerability

CVE-2023-22527: Atlassian | Confluence Data Center and Server

Date Added:
2024-01-24

Due Date:
2024-02-14

Vulnerability Name: Atlassian Confluence Data Center and Server Template Injection Vulnerability

Description: Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527

Related News Articles

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical FlawSeptember 13, 2024

Atlassian Confluence Vulnerability Exploited in Crypto Mining CampaignsAugust 30, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard