
WARNING: ACTIVE EXPLOITATION OF A CRITICAL REMOTE CODE EXECUTION IN OUTDATED ATLASSIAN CONFLUENCE SERVERS, PATCH IMMEDIATELY!

Reference: 
Advisory #2024-12
Version: 
1.0
Affected software: 
Confluence Data Center and Server versions 8.0.x
Confluence Data Center and Server versions 8.1.x
Confluence Data Center and Server versions 8.2.x
Confluence Data Center and Server versions 8.3.x
Confluence Data Center and Server versions 8.4.x
Confluence Data Center and Server versions 8.5.0 through 8.5.3.
Type: 
Remote Code Execution
CVE/CVSS: 

CVE-2023-22527 - 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

Risks

A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Customers using an affected version must take immediate action.

CVE-2023-22527 has a high impact on confidentiality, integrity, and availability.
Exploiting CVE-2023-22527 requires neither privileges nor user interaction, and the attack complexity is rated as low.

Security researchers have observed exploitation attempts against this vulnerability.

Furthermore, proof-of-concept exploit code has been published, which lowers the bar for exploiting this vulnerability.

Description

CVE-2023-22527 is a template injection vulnerability that could allow an unauthenticated attacker to perform remote code execution (RCE) on affected versions.

This remote code execution vulnerability affects Confluence Data Center and Server versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3.

Remark: the most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability, as it was mitigated during regular version updates. Atlassian Cloud sites are not affected either.
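The version list above is easy to get wrong when checked by hand or with a plain string compare (8.5.10 sorts before 8.5.3 as text). The following Python script, added here as an illustration and not code from the CCB or Atlassian, parses Confluence version strings, flags the ranges this advisory lists, skips Cloud sites as the remark states, and orders the hits so the oldest branches are patched first. The inventory and the HTML snippet are constructed sample data; the `ajs-version-number` meta tag used to read the version from a Confluence page is an assumption to verify against your own instance.

```python
"""Triage a Confluence inventory against the version ranges in this advisory.

Added example, not CCB or Atlassian code. Assumes an inventory you already
hold (host, reported version, deployment type); the sample data is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Branches the advisory lists as affected by CVE-2023-22527 (inclusive).
AFFECTED_MINOR_BRANCHES = range(0, 5)   # 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x
AFFECTED_8_5_PATCHES = range(0, 4)      # 8.5.0 through 8.5.3

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")
# Assumption: Confluence HTML pages advertise their version in this meta tag.
META_RE = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"')


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '8.5.3', '8.4' or '8.5.3-something' into an integer triple so that
    8.5.10 compares greater than 8.5.3 (a string compare gets this wrong)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when the version falls inside a range the advisory lists."""
    major, minor, patch = parse_version(version)
    if major != 8:
        return False                    # only 8.x branches are listed on this page
    if minor in AFFECTED_MINOR_BRANCHES:
        return True                     # every 8.0.x .. 8.4.x release
    return minor == 5 and patch in AFFECTED_8_5_PATCHES


def version_from_html(html: str) -> str | None:
    """Read the version a Confluence page advertises, to cross-check an inventory entry."""
    m = META_RE.search(html)
    return m.group(1) if m else None


@dataclass(frozen=True)
class Instance:
    host: str
    version: str
    deployment: str   # "server", "datacenter" or "cloud"


def triage(inventory: list[Instance]) -> list[tuple[str, str]]:
    """Return (host, version) for every instance that needs the patch.
    Cloud sites are skipped because the advisory states they are not affected;
    oldest versions come first because they have been exposed longest."""
    hits = [i for i in inventory if i.deployment != "cloud" and is_affected(i.version)]
    hits.sort(key=lambda i: parse_version(i.version))
    return [(i.host, i.version) for i in hits]


# Constructed sample data: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    Instance("wiki-a.example.internal", "8.5.3", "datacenter"),  # last listed 8.5.x
    Instance("wiki-b.example.internal", "8.5.4", "datacenter"),  # outside the listed range
    Instance("wiki-c.example.internal", "8.2.1", "server"),
    Instance("wiki-d.example.internal", "8.5.10", "server"),     # string compare would flag this
    Instance("wiki-e.example.internal", "7.19.17", "server"),    # branch not listed on this page
    Instance("example.atlassian.net", "8.5.1", "cloud"),         # Cloud: not affected per advisory
]

# Constructed snippet in the shape of a Confluence page header (assumed meta tag).
SAMPLE_HTML = """<html><head>
<meta name="ajs-version-number" content="8.5.3">
</head><body></body></html>"""


if __name__ == "__main__":
    for host, version in triage(SAMPLE_INVENTORY):
        print(f"PATCH NOW  {host:28s} {version}")
    print("page advertises:", version_from_html(SAMPLE_HTML))
```

Versions outside the 8.x branches listed on this page are not flagged; check the vendor advisory for any branch the list does not cover rather than treating silence as a clean bill of health.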

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable Confluence instances with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
Patching appliances or software to a fixed version protects against future exploitation, but it does not remediate a compromise that has already occurred: instances that were exposed while vulnerable should be checked for signs of intrusion.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-22527