Yet Another Confluence Vulnerability

On January 16, 2024, Atlassian released an advisory for a new remote code execution (RCE) vulnerability in Confluence Data Center and Server. Per the advisory, a template injection vulnerability allows an unauthenticated attacker to achieve RCE, and all users should update immediately. This affects all versions prior to 8.5.4/8.6.0/8.7.1, except versions 7.19.x.

This vulnerability, CVE-2023-22527, comes on the heels of announcements of two earlier high-severity findings. Those findings are particularly dangerous because they have been proven to be exploited in the wild. Given this, all Confluence users should stay vigilant so that they never miss an announcement like these, where exploitation is actually occurring. If you feel you need help remaining vigilant, contact us for a demo: demo@glassportal.io
