Atlassian warns of critical RCE flaw in older Confluence versions


Atlassian Confluence Data Center and Confluence Server are affected by a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.

The flaw is tracked as CVE-2023-22527, rated critical (CVSS v3: 10.0), and is a template injection vulnerability allowing unauthenticated attackers to perform remote code execution on impacted Confluence endpoints.

“Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular updates,” reads Atlassian’s security bulletin.
