Atlassian has patched a critical vulnerability in Confluence Data Center and Confluence Server that could lead to remote code execution.
The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.4 LTS, 8.6.0 and 8.7.1, so some customers have already upgraded to those or to later versions.
CVE-2023-22527 is a template injection vulnerability that allows an unauthenticated attacker to achieve RCE on an affected version of Confluence Data Center and Confluence Server: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3.
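To turn the affected-version list above into an inventory check, here is an added example (not from the article or from Atlassian) that classifies Confluence version strings against exactly the ranges the advisory names; the hostnames and the sample version numbers in the inventory are constructed for illustration.

```python
import re
from typing import Dict, Tuple

# Affected versions of Confluence Data Center and Server as listed in the
# advisory quoted above: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x and 8.5.0-8.5.3.
# Everything else (7.19.x, the fixed releases 8.5.4 LTS, 8.6.0 and 8.7.1,
# and later versions) is treated as not affected.
AFFECTED_MINOR_LINES = {0, 1, 2, 3, 4}   # 8.0.x .. 8.4.x, any patch level
AFFECTED_8_5_PATCHES = range(0, 4)       # 8.5.0 .. 8.5.3

# Accepts "8.5.4 LTS", "8.5.3", "7.19.17"; a trailing suffix after the
# third component (" LTS", "-rc1") is tolerated and ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[.\-\s].*)?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch); raise ValueError on unparseable input
    so a malformed inventory entry is never silently passed as safe."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected_by_cve_2023_22527(version: str) -> bool:
    """True if the version falls inside one of the listed affected ranges."""
    major, minor, patch = parse_version(version)
    if major != 8:
        return False                 # 7.19.x and earlier are not listed
    if minor in AFFECTED_MINOR_LINES:
        return True                  # 8.0.x - 8.4.x, every patch level
    if minor == 5:
        return patch in AFFECTED_8_5_PATCHES
    return False                     # 8.6.x, 8.7.x and later


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map {host: version} to {host: verdict}; unparseable entries are flagged."""
    verdicts = {}
    for host, version in inventory.items():
        try:
            affected = is_affected_by_cve_2023_22527(version)
            verdicts[host] = "AFFECTED - upgrade or isolate" if affected else "not affected"
        except ValueError:
            verdicts[host] = "unknown version - verify manually"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory: hypothetical hosts and version strings.
    sample = {"wiki-prod": "8.5.3", "wiki-dev": "8.5.4 LTS", "legacy": "7.19.17",
              "dc-01": "8.7.1", "staging": "8.2.0", "broken": "n/a"}
    for host, verdict in triage_inventory(sample).items():
        print(f"{host:10} {sample[host]:10} {verdict}")
```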
Atlassian Cloud instances are not affected by this vulnerability, and neither is Confluence version 7.19.x.

Additional advice for customers
Vulnerable Confluence instances have been preferred targets of various threat actors over the years.
If updating is impossible at this time, customers should take their system off the internet immediately, back up the data of the instance to a secure location outside of the Confluence instance, and engage their local security team to review for any potential malicious activity.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 16 Jan 2024 18:28:20 +0000