CVE-2023-22527

Vulnerability updated 7 months ago (2024-11-29T14:42:52.603Z)

Download STIX

Preview STIX

CVE-2023-22527 is a critical vulnerability found in Atlassian's Confluence Server and Data Center. This flaw, rated 10 out of 10 on the CVSS v3 scale, is a template injection issue that allows an unauthenticated attacker to execute remote code. The vulnerability specifically affects outdated versions of Confluence Data Center and Server, namely versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3. The discovery of this vulnerability led Atlassian to release a security advisory as well as its January 2024 security bulletin addressing vulnerabilities in multiple products. The company has since patched this critical flaw, which could have potentially allowed for remote code execution, posing a significant risk to users' security and data integrity. Atlassian revealed the critical Confluence RCE flaw on January 16, 2024, urging users to take immediate action. The company provided a patch for CVE-2023-22527 to mitigate the potential damage from unauthenticated attackers exploiting the flaw. Users of affected versions of Confluence Data Center and Server are strongly recommended to update their software to the latest version to protect against this severe vulnerability.

Description last updated: 2024-05-04T17:03:30.749Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Confluence

Vulnerability

Atlassian

Xmrig

Xmrig Miner

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the CVE-2023-22527 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	10 months ago	Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	10 months ago	Threat actors exploit Atlassian Confluence bug in cryptomining campaigns
DARKReading	10 months ago	Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Trend Micro	10 months ago	Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
CERT-EU	a year ago	Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
InfoSecurity-magazine	a year ago	Hackers Target Atlassian Confluence With RCE Exploits
DARKReading	a year ago	Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory
Securityaffairs	a year ago	CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog - Security Affairs
CISA	a year ago	CISA Adds One Known Exploited Vulnerability to Catalog \| CISA
Checkpoint	a year ago	22nd January – Threat Intelligence Report - Check Point Research
SANS ISC	a year ago	Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527 - SANS Internet Storm Center
CERT-EU	a year ago	Cyber Security Week in Review: January 19, 2024
CERT-EU	a year ago	Atlassian Releases Security Updates for Multiple Products \| CISA
CERT-EU	a year ago	A Vulnerability in Atlassian Confluence Data Center and Server Could Allow for Remote Code Execution
BankInfoSecurity	a year ago	NetScaler, Atlassian, VMWare Disclose Critical Flaws
CERT-EU	a year ago	Atlassian Confluence vulnerability enables remote code execution
CERT-EU	a year ago	Citrix, Google address Netscaler, Chrome zero-days
Securityaffairs	a year ago	Atlassian fixed critical RCE in older Confluence versions - Security Affairs
CERT-EU	a year ago	Atlassian issues urgent Confluence patch
CERT-EU	a year ago	Atlassian fixed critical RCE in older Confluence versions