Executive Summary
Atlassian recently released a patch for CVE-2023-22527, a critical vulnerability affecting out-of-date versions of Confluence Data Center and Server. Atlassian assigned the flaw an initial CVSS score of 10.0: it allows unauthenticated attackers to execute arbitrary code on the affected instance. Since the fix was published, researchers have observed a sharp increase in exploitation attempts against this vulnerability.
The increase followed publication of the vulnerability details and a proof-of-concept exploit. Administrators running affected versions must therefore act immediately, as exploitation is already active.
About CVE-2023-22527
CVE-2023-22527 is a critical remote code execution vulnerability in out-of-date versions of Confluence Data Center and Server.
The flaw is a template injection issue: an unauthenticated attacker can supply an expression that the server evaluates, which allows arbitrary commands and code to be executed remotely.
The vulnerability affects Confluence Data Center and Server 8.x versions released before December 5, 2023, that is, 8.0.x through 8.5.3. This includes version 8.4.5, which no longer receives backported fixes.
Exploit Attempts
Exploit attempts increased after the public disclosure of this Confluence vulnerability and the release of proof-of-concept code. The proof of concept was produced by researchers who diffed the patched and unpatched releases to locate the vulnerable template.
Attackers are actively using the vulnerability with a variety of payloads, aiming to exfiltrate data or execute commands on affected systems. This makes applying the security patch immediately all the more urgent; until it is applied, administrators should watch their instances closely for signs of compromise.
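Because the payloads are OGNL expressions delivered over HTTP, a first-pass hunt for attempts can be run over ordinary web server access logs. The script below is an added example written for this article, not code from Atlassian or from the researchers mentioned above. It parses combined-format log lines, URL-decodes each request target, and scores it against generic OGNL markers (the `@class@member` static-call syntax, execution primitives such as `getRuntime` or `.exec(`, and the weaker `#variable` syntax). The three log lines are constructed for the example; the request paths are placeholders and the OGNL fragment in the third line is a generic one, not the actual Confluence payload.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format. These are not real
# traffic: the paths are placeholders and the third line simply carries
# a generic OGNL expression in its query string.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jan/2024:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [22/Jan/2024:10:01:05 +0000] "GET /display/DEV/Release+%23Notes HTTP/1.1" 200 8803 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2024:10:01:09 +0000] "POST /example/template?expr=%23cmd%3D%40java.lang.Runtime%40getRuntime%28%29.exec%28%27id%27%29 HTTP/1.1" 200 123 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicator name -> (pattern applied to the URL-decoded request target, weight).
# OGNL static-call syntax and execution primitives are strong signals on their
# own; a bare '#' is weak because it also appears in legitimate encoded titles,
# so it only counts in combination with something else.
INDICATORS = {
    "ognl_static_call": (re.compile(r"@[\w.$]+@"), 2),
    "exec_primitive": (re.compile(r"getRuntime|ProcessBuilder|\.exec\("), 2),
    "ognl_variable": (re.compile(r"#\w+"), 1),
}
THRESHOLD = 2


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def score_target(target):
    """URL-decode the request target (twice, to catch double encoding) and score it."""
    decoded = unquote(unquote(target))
    hits = [name for name, (pat, _) in INDICATORS.items() if pat.search(decoded)]
    score = sum(INDICATORS[name][1] for name in hits)
    return score, hits


def find_ognl_attempts(log_text, threshold=THRESHOLD):
    """Return the log records whose request target scores at or above the threshold."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        score, hits = score_target(rec["target"])
        if score >= threshold:
            findings.append({
                "ip": rec["ip"], "time": rec["time"], "method": rec["method"],
                "target": rec["target"], "indicators": hits, "score": score,
            })
    return findings


if __name__ == "__main__":
    for f in find_ognl_attempts(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} score={f['score']} {f['indicators']}")
        print(f"    {f['target']}")
```

This is a heuristic, not a signature for the CVE: it will surface OGNL-shaped probes against any endpoint and should be tuned against your own traffic. Note also that access logs record only the request line, so payloads carried in a POST body are invisible here; catching those requires request-body logging at a reverse proxy or WAF.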
Atlassian’s Fix
Atlassian has released an update and a security advisory for this critical issue.
The update fixes a template injection vulnerability: a Velocity template accepted attacker-controlled input and evaluated it as an OGNL expression through the Struts 2 framework that Confluence is built on. The fix prevents attackers from injecting arbitrary OGNL objects, a technique previously used to execute Java code on the server.
Additionally, it is worth mentioning that the latest supported versions of Confluence Data Center and Server and Atlassian Cloud instances are not vulnerable.
Please see below the list of impacted products, their fixed versions and the latest versions.
| Product | Fixed Versions | Latest Versions |
|---|---|---|
| Confluence Data Center and Server | 8.5.4 (LTS) | 8.5.5 (LTS) |
| Confluence Data Center | 8.6.0 (Data Center only), 8.7.1 (Data Center only) | 8.7.2 (Data Center only) |
Atlassian urges all affected users to update their systems immediately, and recommends upgrading each affected installation to the latest available version rather than to the listed fixed version. The fixed versions are no longer the most recent releases and do not include the fixes for other high-severity vulnerabilities addressed in the January Security Release.
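Turning the affected range and the table above into a repeatable check is straightforward. The script below is an added example written for this article, not Atlassian's tooling: it classifies a Confluence version string as vulnerable, fixed but not current, current, or outside the table, and triages an inventory with the most urgent hosts first. The version boundaries come from the advisory (affected 8.0.x through 8.5.3, fixed 8.5.4 / 8.6.0 / 8.7.1, recommended 8.5.5 / 8.7.2). Two assumptions are built in and labelled in the code: versions below 8.x are treated as out of scope rather than safe, and 8.x releases newer than the table are treated as released after the fix. The hostnames and versions in the sample inventory are constructed.

```python
import re

# Version facts from the advisory table: affected 8.x range, the fixed
# release on each 8.x line, and the release Atlassian recommends upgrading
# to instead (the "Latest Versions" column).
AFFECTED_MIN = (8, 0, 0)
AFFECTED_MAX = (8, 5, 3)
FIXED_ON_LINE = {5: (8, 5, 4), 6: (8, 6, 0), 7: (8, 7, 1)}
UPGRADE_TARGET = {5: "8.5.5", 6: "8.7.2", 7: "8.7.2"}


def parse_version(text):
    """Parse 'major.minor[.patch][suffix]' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(version_text):
    """Classify one Confluence Data Center/Server version against CVE-2023-22527."""
    v = parse_version(version_text)
    major, minor, _ = v
    result = {"version": version_text}
    if major != 8:
        # Assumption: anything outside 8.x is not covered by this table, so
        # report it for manual confirmation rather than calling it safe.
        result.update(status="out_of_scope",
                      action="Not in the 8.x range the advisory lists as affected; confirm against the advisory.")
        return result
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        result.update(status="vulnerable",
                      action="Exploited in the wild; upgrade now to 8.5.5 (LTS) or 8.7.2 (Data Center only).")
        return result
    fixed = FIXED_ON_LINE.get(minor)
    if fixed is None:
        # Assumption: 8.x lines newer than the table (8.8 and later) were released after the fix.
        result.update(status="newer_than_table",
                      action="Released after the fix; not affected by CVE-2023-22527, but check current advisories.")
        return result
    if v < fixed:
        # e.g. 8.7.0: not in the affected list, but below the fixed release on its line.
        result.update(status="unclassified",
                      action="Below the fixed release on its line yet outside the advisory's affected list; verify with Atlassian.")
        return result
    target = UPGRADE_TARGET[minor]
    if v >= parse_version(target):
        result.update(status="current", action="Fixed and current as of the January Security Release.")
    else:
        result.update(status="fixed_not_latest",
                      action=f"Fixed for CVE-2023-22527 but missing other January Security Release fixes; upgrade to {target}.")
    return result


def triage(inventory):
    """Classify a {hostname: version} inventory and return rows ordered most urgent first."""
    order = ["vulnerable", "unclassified", "fixed_not_latest",
             "out_of_scope", "newer_than_table", "current"]
    rows = [(host, classify(version)) for host, version in inventory.items()]
    rows.sort(key=lambda row: order.index(row[1]["status"]))
    return rows


# Constructed inventory for demonstration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "wiki-prod.example.test": "8.5.5",
    "wiki-dc.example.test": "8.7.1",
    "wiki-legacy.example.test": "8.4.5",
    "wiki-staging.example.test": "8.5.3",
    "wiki-old.example.test": "7.19.17",
}

if __name__ == "__main__":
    for host, r in triage(SAMPLE_INVENTORY):
        print(f"{host:<26} {r['version']:<8} {r['status']:<17} {r['action']}")
```

The version string itself can be read from the instance's `Administration` pages or its REST API; the script deliberately takes it as input rather than fetching it, so it can be run against an inventory export without touching the hosts.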