QID 150765
Date Published: 2023-12-21
QID 150765: Atlassian Confluence Server and Data Center Remote Code Execution (RCE) Vulnerability (CVE-2023-22522)
Confluence is a team collaboration software written in Java and mainly used in corporate environments, it is developed and marketed by Atlassian.
Multiple versions of Atlassian Confluence Data Center and Confluence Server are affected by a Template Injection vulnerability which allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance.
Affected versions:
Confluence Data Center and Server versions: 4.x.x,5.x.x,6.x.x,7.x.x,8.0.x,8.1.x,8.2.x,8.3.x,8.4.0,8.4.1,8.4.2,8.4.3,8.4.4,8.5.0,8.5.1,8.5.2,8.5.3
Confluence Data Center versions: 8.6.0,8.6.1
QID Detection Logic (Unauthenticated) :
This QID sends HTTP GET request and checks for vulnerable version of Confluence running on the host.
Successful exploitation of this vulnerability could allow an authenticated attacker to achieve Remote Code Execution (RCE) on the target Confluence instance.
Customers are advised to upgrade to relevant Confluence Data Center and Server to version 7.19.17 (LTS), 8.4.5, 8.5.4 (LTS) and version 8.6.0, 8.6.1 or later for Data Center Only. For more information pertaining to remediating this vulnerability please refer Atlassian Security Advisory and CONFSERVER-93502.
CVEs related to QID 150765
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Atlassian Security Advisory |
confluence.atlassian.com/security/cve-2023-22522-rce-vulnerability-in-confluence-data-center-and-confluence-server-1319570362.html |