Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.
The flaw is tracked as CVE-2023-22527, rated critical, and is a template injection vulnerability that allows unauthenticated attackers to achieve remote code execution on affected Confluence instances.
Atlassian fixed the flaw in Confluence Data Center and Server versions 8.5.4, 8.6.0, and 8.7.1, which were released in December.
It is unclear whether Atlassian quietly fixed the bug last month or whether it was inadvertently fixed during regular software development.
These versions are no longer the latest releases, so admins who have already moved to a newer release are not exposed to CVE-2023-22527 exploitation.
Atlassian notes that 8.4.5 and all previous release branches that have already fallen out of support will not receive a security update under its security bug fix policy.
Users of those versions are recommended to move to an actively supported release as soon as possible.
Atlassian has provided no mitigations or workarounds for the flaw, so upgrading to a fixed version is the only available remediation.
A FAQ page Atlassian set up for the flaw explains that CVE-2023-22527 does not impact Confluence LTS v7.19.x, Cloud Instances hosted by the vendor, or any other Atlassian product.
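The version boundaries above are scattered across several sentences, so as an added example (not Atlassian's code, and not from the original article) here is a small triage helper that classifies a Confluence version string against them: 7.19.x LTS not affected, 8.4.x and earlier out of support with no fix, 8.5.x fixed from 8.5.4, 8.6.x from 8.6.0, 8.7.x from 8.7.1, and later branches treated as released after the fix. The `ajs-version-number` meta tag used to pull the version out of a login page, and the embedded sample page, are assumptions constructed for the example; versions below 8.0 other than 7.19.x are reported as "unknown" rather than guessed.

```python
"""Triage helper for CVE-2023-22527 exposure by Confluence version (added example, not vendor code)."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory: 8.5.4 (LTS), 8.6.0 and 8.7.1.
FIXED_IN_BRANCH = {(8, 5): (8, 5, 4), (8, 6): (8, 6, 0), (8, 7): (8, 7, 1)}
# 8.4.5 and every earlier branch are out of support and will not be patched.
LAST_UNSUPPORTED_BRANCH = (8, 4)
# Confluence 7.19.x LTS is explicitly not affected.
UNAFFECTED_LTS_BRANCH = (7, 19)


def parse_version(text: str) -> Version:
    """Turn '8.5.3' (or '8.6') into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(version: str) -> str:
    """Return one of: not-affected, unknown, vulnerable-unsupported,
    vulnerable-fix-available, fixed."""
    v = parse_version(version)
    branch = v[:2]
    if branch == UNAFFECTED_LTS_BRANCH:
        return "not-affected"
    if v < (8, 0, 0):
        # Outside the ranges the advisory enumerates; verify against the vendor advisory.
        return "unknown"
    if branch <= LAST_UNSUPPORTED_BRANCH:
        # Vulnerable and no patch will be issued; only path is upgrading to a supported branch.
        return "vulnerable-unsupported"
    fixed = FIXED_IN_BRANCH.get(branch)
    if fixed is None:
        # 8.8 and later shipped after the fix landed in 8.5.4 / 8.6.0 / 8.7.1.
        return "fixed"
    return "fixed" if v >= fixed else "vulnerable-fix-available"


def version_from_html(html: str) -> Optional[str]:
    """Extract the version from the ajs-version-number meta tag (assumption: Confluence
    pages carry this tag; adjust the pattern if your instance renders it differently)."""
    m = re.search(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', html)
    return m.group(1) if m else None


# Constructed sample of a login page, not captured from a real server.
SAMPLE_LOGIN_PAGE = """<html><head>
<meta name="ajs-version-number" content="8.5.3">
</head><body>Log in to Confluence</body></html>"""


def triage_page(html: str) -> str:
    """Combine extraction and classification for one fetched page body."""
    found = version_from_html(html)
    return "unknown" if found is None else classify(found)


if __name__ == "__main__":
    for sample in ("7.19.17", "8.4.5", "8.5.3", "8.5.4", "8.7.0", "8.7.1", "8.8.0"):
        print(f"{sample:>8}: {classify(sample)}")
    print("sample page:", triage_page(SAMPLE_LOGIN_PAGE))
```

Run it against the version string your instance reports (the admin console or the login page source) rather than trusting a fleet inventory; the "unknown" bucket is deliberate so that odd or pre-8.0 builds get checked by hand instead of silently counted as safe.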
Atlassian also notes that instances not exposed to the internet, and those that do not allow anonymous access, remain exploitable; the risk is reduced, not eliminated.
For those unable to apply the updates immediately, Atlassian recommends taking affected systems offline, backing up the data to a location outside the Confluence instance, and monitoring for malicious activity.
Atlassian Confluence bugs are often leveraged by attackers in the wild, including state-sponsored threat groups and opportunistic ransomware groups.
In the case of CVE-2023-22527, Atlassian says it cannot share any meaningful indicators of compromise to help detect exploitation.
Because the flaw has multiple possible entry points and can be used in chained attacks, the vendor says it is unable to pinpoint definitive signs of exploitation.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 16 Jan 2024 15:20:04 +0000