Advisory

Atlassian reports another critical vulnerability in Confluence

Take action: If you are still running self-hosted Confluence instances, it is time to wake up your engineering team and start patching. This is yet another Confluence vulnerability at maximum severity, and attackers love Confluence as a target. If you are on an unsupported version, isolate the instance from the internet and upgrade to a supported version.


Learn More

Atlassian has issued an alert regarding a critical remote code execution vulnerability in older versions of Confluence Data Center and Server.

The flaw is tracked as CVE-2023-22527 (CVSS score 10.0). It arises from a template injection issue that lets unauthenticated attackers execute code remotely on affected Confluence endpoints.

The flaw specifically affects versions 8.0.x through 8.5.3, all released before December 5, 2023. Atlassian patched it in versions 8.5.4, 8.6.0, and 8.7.1, released in December, although it is unclear whether the fix was deliberate or a byproduct of other changes in those releases.

Unsupported versions, meaning 8.4.5 and earlier, will not receive this security update. Atlassian has published no workarounds or mitigations, so upgrading to a supported release is the only remedy.

This vulnerability does not affect the Confluence 7.19.x LTS line, Atlassian Cloud instances, or other Atlassian products. Every affected self-hosted instance is at risk, however, including those that are not internet-facing or that have anonymous access disabled.
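The version ranges above translate directly into a triage rule for a self-hosted fleet. The following Python script is an added example, not Atlassian's code or tooling. It encodes only the ranges stated in this advisory (affected 8.0.x through 8.5.3, unsupported 8.4.5 and earlier, fixes in 8.5.4, 8.6.0 and 8.7.1, 7.19.x not affected) and runs against a constructed inventory whose hostnames and versions are made up. Anything the advisory does not cover (other 7.x releases, 8.7.0, unparsable strings) is deliberately reported as needing a check against Atlassian's advisory rather than assumed safe.

```python
"""Triage self-hosted Confluence versions against CVE-2023-22527.

Added example (not Atlassian tooling). The ranges below are the ones stated
in the advisory text; anything the advisory does not cover is reported as
CHECK_ADVISORY rather than assumed safe.
"""
import re

# Ranges taken from the advisory text.
AFFECTED_MIN = (8, 0, 0)          # first affected release (8.0.x)
AFFECTED_MAX = (8, 5, 3)          # last affected release
LAST_UNSUPPORTED = (8, 4, 5)      # 8.4.5 and earlier receive no fix
FIXED_IN = {5: (8, 5, 4), 6: (8, 6, 0), 7: (8, 7, 1)}  # fixed release per 8.x minor series
SAFE_LTS_SERIES = (7, 19)         # 7.19.x LTS is not affected

# Triage outcomes, matching the "Take action" guidance in the advisory.
ISOLATE_AND_UPGRADE = "ISOLATE_AND_UPGRADE"  # affected and out of support
PATCH = "PATCH"                              # affected, fix available in-series
NOT_AFFECTED = "NOT_AFFECTED"                # fixed release, later release, or 7.19.x
CHECK_ADVISORY = "CHECK_ADVISORY"            # outside the ranges stated here

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse 'major.minor[.patch]' into a comparable tuple; None if unparsable.

    Tuple comparison gives correct ordering (8.10.0 > 8.9.0), which naive
    string comparison would get wrong.
    """
    match = _VERSION_RE.match(text)
    if not match:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def triage(version_text):
    """Classify one Confluence version string into a triage outcome."""
    version = parse_version(version_text)
    if version is None:
        return CHECK_ADVISORY
    major, minor, _patch = version
    if (major, minor) == SAFE_LTS_SERIES:
        return NOT_AFFECTED
    if major != 8:
        return CHECK_ADVISORY  # other 7.x releases and anything newer than 8.x are not covered here
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return ISOLATE_AND_UPGRADE if version <= LAST_UNSUPPORTED else PATCH
    fixed = FIXED_IN.get(minor)
    if fixed is not None:
        # e.g. 8.7.0 sits below the listed 8.7.1 fix but outside the stated affected range
        return NOT_AFFECTED if version >= fixed else CHECK_ADVISORY
    if minor > max(FIXED_IN):
        return NOT_AFFECTED  # 8.8.x and later postdate every listed fix
    return CHECK_ADVISORY


def triage_inventory(inventory):
    """Map {hostname: version} to {outcome: sorted hostnames}, every outcome present."""
    groups = {k: [] for k in (ISOLATE_AND_UPGRADE, PATCH, NOT_AFFECTED, CHECK_ADVISORY)}
    for host, version_text in inventory.items():
        groups[triage(version_text)].append(host)
    return {k: sorted(v) for k, v in groups.items()}


# Constructed inventory for demonstration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "wiki-legacy.example.internal": "8.2.1",
    "wiki-dc1.example.internal": "8.5.3",
    "wiki-dc2.example.internal": "8.5.4",
    "wiki-lts.example.internal": "7.19.17",
    "wiki-old.example.internal": "7.13.0",
    "wiki-odd.example.internal": "unknown",
}

if __name__ == "__main__":
    for outcome, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{outcome:20} {', '.join(hosts) or '-'}")
```

Feed it the version strings from your own instances (the Confluence footer or the `/rest/api/settings/systemInfo` endpoint expose them) and act on the ISOLATE_AND_UPGRADE group first, since those hosts are both exploitable and unable to receive a fix in place.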

Because the flaw can be exploited in many different ways, no definitive indicators of compromise have been published, which makes prompt upgrading the primary defence. Bear in mind that upgrading does not evict an attacker who has already exploited the flaw, so any instance that ran an affected version while reachable should also be reviewed for signs of compromise.
