Atlassian Confluence Template Injection Remote Code Execution Vulnerability (CVE-2023-22522)

Dec 08, 2023 GMT+08:00

I. Overview

Atlassian has published a security notice disclosing a template injection vulnerability (CVE-2023-22522) in specific versions of its Confluence Data Center and Confluence Server products. An authenticated attacker, including an anonymous user where anonymous access is enabled, can inject unsafe user input into a Confluence page; because that input is processed as a template, successful exploitation results in remote code execution on the affected server.

Confluence Data Center and Confluence Server are Atlassian's enterprise knowledge management and collaboration products, commonly used to build internal wikis. If you run either product, check your version against the list below and apply the fix promptly.

Reference

https://confluence.atlassian.com/security/cve-2023-22522-rce-vulnerability-in-confluence-data-center-and-confluence-server-1319570362.html

https://jira.atlassian.com/browse/CONFSERVER-93502

II. Severity

Severity: important (Atlassian's own advisory rates this vulnerability as Critical)

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Confluence Data Center and Server 4.x.x

Confluence Data Center and Server 5.x.x

Confluence Data Center and Server 6.x.x

Confluence Data Center and Server 7.x.x

Confluence Data Center and Server 8.0.x

Confluence Data Center and Server 8.1.x

Confluence Data Center and Server 8.2.x

Confluence Data Center and Server 8.3.x

8.4.0 <= Confluence Data Center and Server <= 8.4.4

8.5.0 <= Confluence Data Center and Server <= 8.5.3

8.6.0 <= Confluence Data Center <= 8.6.1

Secure versions:

Confluence Data Center and Server 7.19.17 (LTS)

Confluence Data Center and Server 8.4.5

Confluence Data Center and Server 8.5.4 (LTS)

Confluence Data Center >= 8.6.2

Confluence Data Center >= 8.7.1

IV. Vulnerability Handling

Atlassian has released fixed versions. If your version falls into the affected range, upgrade to one of the secure versions listed above, which can be obtained from the download archive:

https://www.atlassian.com/software/confluence/download-archives
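The following script is an added example and is not part of the Atlassian notice or this page. It encodes the affected and secure version lists from section III and classifies a Confluence version string as affected, fixed, or not listed, naming the release this notice points to as the upgrade target. Versions in a line that received a fix are judged against that line's first fixed build (so 8.7.0 is treated as affected because 8.7.1 is the first secure 8.7 release); affected lines without a fix of their own are pointed at the nearest LTS release. The hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Classify Confluence Data Center / Server versions against CVE-2023-22522.

The affected ranges and fixed versions are taken from the notice above.
The sample inventory at the bottom is constructed and not real.
"""
from __future__ import annotations

import re
from typing import Optional

Version = tuple[int, int, int]

# Inclusive affected ranges from section III of the notice. Every release
# from 4.x.x through 8.3.x is affected, hence the large upper bound.
AFFECTED_RANGES: list[tuple[Version, Version]] = [
    ((4, 0, 0), (8, 3, 10**6)),
    ((8, 4, 0), (8, 4, 4)),
    ((8, 5, 0), (8, 5, 3)),
    ((8, 6, 0), (8, 6, 1)),  # Data Center only
]

# First fixed release in each release line that received a fix (section III).
FIXED_VERSIONS: dict[tuple[int, int], Version] = {
    (7, 19): (7, 19, 17),  # LTS
    (8, 4): (8, 4, 5),
    (8, 5): (8, 5, 4),     # LTS
    (8, 6): (8, 6, 2),     # Data Center only
    (8, 7): (8, 7, 1),     # Data Center only
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse '8.5.3', '8.5.3-SNAPSHOT' or '8.6' into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def assess(version: str) -> tuple[str, Optional[str]]:
    """Return (status, upgrade_target).

    status is 'affected', 'fixed' or 'not_listed'. upgrade_target is the
    fixed release this notice points to, or None when no upgrade is needed
    or the version lies outside the ranges the notice describes.
    """
    v = parse_version(version)
    line = (v[0], v[1])

    # Release lines that received a fix: everything below the first fixed
    # build is affected. This also treats 8.7.0 as affected, since the
    # notice lists 8.7.1 as the first secure 8.7 release.
    fix = FIXED_VERSIONS.get(line)
    if fix is not None:
        return ("fixed", None) if v >= fix else ("affected", fmt(fix))

    # Release lines with no fix of their own: affected if inside a listed
    # range; recommend the nearest LTS release that carries the fix.
    if any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        target = FIXED_VERSIONS[(7, 19)] if v[0] < 8 else FIXED_VERSIONS[(8, 5)]
        return "affected", fmt(target)

    return "not_listed", None


def triage(inventory: dict[str, str]) -> dict[str, tuple[str, Optional[str]]]:
    """Assess every host in a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real.
    sample = {
        "wiki-legacy.example.internal": "6.15.10",
        "wiki-prod.example.internal": "7.19.16",
        "wiki-lts.example.internal": "8.5.4",
        "wiki-dc.example.internal": "8.6.1",
    }
    for host, (status, target) in triage(sample).items():
        action = f"upgrade to {target}" if target else "no action"
        print(f"{host:32} {sample[host]:10} {status:10} {action}")
```

Feed it the version string shown in the Confluence footer or administration console for each instance. A result of "not_listed" means the version is outside the ranges in this notice (for example a release newer than those listed) and should be checked against the current Atlassian advisory rather than assumed safe.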

If you cannot upgrade immediately, apply the following interim measures recommended by Atlassian. They reduce exposure but do not remove the vulnerability; the upgrade is still required.

1. Back up the instance, following Atlassian's production backup guidance:

https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html

2. Restrict network access to the instance to an allowlist of trusted IP addresses.

3. If possible, remove the instance from the Internet until the upgrade can be performed.

Note: Before applying any fix, back up your files and test the change thoroughly.