From bleepingcomputer.com
Atlassian Confluence Data Center and Confluence Server are affected by a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.
The flaw is tracked as CVE-2023-22527, rated critical (CVSS v3: 10.0), and is a template injection vulnerability allowing unauthenticated attackers to perform remote code execution on impacted Confluence endpoints.
“Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular updates,” reads Atlassian’s security bulletin.