CVE ID
CVE-2023-22527
Vulnerability Name
Atlassian Confluence Data Center and Server Template Injection Vulnerability
- Project: Atlassian
- Product: Confluence Data Center and Server
Date
- Date Added: 2024-01-24
- Due Date: 2024-02-14
Description
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527
Related Security News
- Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
- Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
- Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Top comments (0)