Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527) - Vulnerability Database

Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)

Description

Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

Remediation

Upgrade to the latest version of Confluence.

References

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server

Atlassian Confluence - Remote Code Execution (CVE-2023-22527)

Related Vulnerabilities

Severity

Critical

Classification

CVE-2023-22527

CWE-917

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H