CVE-2023-22527
Confluence Server Analyse et atténuation des vulnérabilités

Aperçu

A template injection vulnerability (CVE-2023-22527) was discovered in older versions of Confluence Data Center and Server that allows an unauthenticated attacker to achieve Remote Code Execution (RCE) on affected instances. The vulnerability affects versions 8.0.x through 8.5.3, while version 7.19.x LTS is not affected. This critical vulnerability received a CVSS score of 9.8 (NIST) and 10.0 (Atlassian) (Atlassian Advisory, NVD).

Détails techniques

The vulnerability is classified as a template injection vulnerability (CWE-74) that allows for improper neutralization of special elements in output used by a downstream component. The vulnerability can be exploited without authentication and requires no user interaction, making it particularly dangerous. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (NVD).

Impact

The vulnerability allows attackers to execute arbitrary code on affected systems without authentication. It has been actively exploited in cryptojacking attacks, where attackers deploy shell scripts and XMRig miners, target SSH endpoints, kill competing cryptomining processes, and maintain persistence through cron jobs (Trend Micro).

Atténuation et solutions de contournement

Atlassian recommends immediate patching to the latest versions: 8.5.5 (LTS) for both Server and Data Center, or 8.7.2 for Data Center only. For customers unable to patch immediately, Atlassian recommends taking the system off the internet, backing up data to a secure location outside of the Confluence instance, and engaging local security teams to review for potential malicious activity (Atlassian Advisory).

Réactions de la communauté

The vulnerability has garnered significant attention in the security community due to its critical severity and active exploitation. CISA has added it to their Known Exploited Vulnerabilities Catalog with a remediation date of February 14, 2024, indicating its significance (NVD).

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté Confluence Server Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2024-21683HIGH8.8
  • Atlassian Fisheye & Crucible logoAtlassian Fisheye & Crucible
  • cpe:2.3:a:atlassian:jira_service_management
NonOuiMay 21, 2024
CVE-2024-21686HIGH8.7
  • Confluence Server logoConfluence Server
  • cpe:2.3:a:atlassian:confluence_server
NonOuiJul 16, 2024
CVE-2025-22166HIGH8.3
  • Confluence Server logoConfluence Server
  • cpe:2.3:a:atlassian:confluence_server
NonOuiOct 21, 2025
CVE-2024-21690HIGH8.2
  • Confluence Server logoConfluence Server
  • cpe:2.3:a:atlassian:confluence_server
NonOuiAug 21, 2024
CVE-2024-21703MEDIUM6.4
  • Confluence Server logoConfluence Server
  • cpe:2.3:a:atlassian:confluence_server
NonOuiNov 27, 2024

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités