Vendor: Confluence
By: MaanVader
CVSS: 8.1 (CRITICAL)
Remote Code Execution (RCE)
CWE: 94
Product Name: Confluence
Affected Version From: 8.0.x
Affected Version To: 8.5.2003
Patch Exists: YES
Related CVE: CVE-2023-22527
CPE: a:atlassian:confluence
Platforms Tested: Linux
2024
CVE-2023-22527: Atlassian Confluence RCE Vulnerability
CVE-2023-22527 allows remote attackers to execute arbitrary code on affected Atlassian Confluence servers. An attacker exploits the issue by sending a specially crafted payload to the '/template/aui/text-inline.vm' endpoint.
Mitigation:
Update Atlassian Confluence to a patched version provided by the vendor.
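To check whether the endpoint named in the description has been requested on a server, the following added example (not part of the original entry) scans access-log lines for '/template/aui/text-inline.vm' after normalising the request path. The log layout (common/combined format), the function names and the sample lines are assumptions made for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory text.
TARGET = "/template/aui/text-inline.vm"

# Common/combined access-log layout (assumed; adjust to your proxy's format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Canonicalise a request target so encoded or padded paths still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):                      # second pass catches double encoding
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path)      # drop ;path-parameters per segment
    path = re.sub(r"/+", "/", path)         # collapse repeated slashes
    return posixpath.normpath(path)         # resolve "." and ".." segments

def find_hits(lines):
    """Return {client_ip: [(timestamp, method, status, raw_target), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # endswith() also covers a deployment under a context path such as /wiki
        if normalize_path(m["target"]).endswith(TARGET):
            hits[m["ip"]].append(
                (m["ts"], m["method"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Jan/2024:10:01:02 +0000] "GET /dashboard.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jan/2024:10:03:44 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 312 "-" "python-requests/2.31"
198.51.100.7 - - [22/Jan/2024:10:03:51 +0000] "POST /wiki/template/aui/%74ext-inline.vm;x=1?a=b HTTP/1.1" 200 298 "-" "python-requests/2.31"
203.0.113.5 - - [22/Jan/2024:10:09:13 +0000] "GET /template/custom/../aui//text-inline.vm HTTP/1.1" 404 0 "-" "curl/8.4.0"
192.0.2.10 - - [22/Jan/2024:10:11:00 +0000] "GET /template/aui/text.vm HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, rows in find_hits(SAMPLE_LOG.splitlines()).items():
        for ts, method, status, target in rows:
            print(f"{ip} {ts} {method} {status} {target}")
```

A hit shows only that the endpoint was requested; access logs do not record request bodies, so any match on a version in the affected range should be followed up on the host itself.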