CVE-2023-22522: RCE Vulnerability In Confluence Data Center and Confluence Server

Attention all Confluence Data Center and Confluence Server users: A critical vulnerability, identified as CVE-2023-22522 (CVSS score of 9.0), has been discovered that allows remote code execution (RCE) on affected instances. This vulnerability poses a significant security risk and requires immediate attention.

Affected Versions

The vulnerability affects every version of Confluence Data Center and Confluence Server from 4.0.0 onward. Atlassian Cloud sites are not affected, so Cloud customers need take no action. Atlassian strongly recommends upgrading every affected instance to the latest version or to one of the fixed LTS releases.

Vulnerability Details

This is a template injection vulnerability: an attacker who is authenticated to the instance, or who merely has anonymous access where the instance permits it, can inject unsafe user input into a Confluence page. When that input is rendered, the attacker's code is executed on the server, which can give them complete control of the Confluence instance.

Mitigation

To mitigate this risk, please follow these steps:

  1. Identify Affected Instances: Determine which Confluence Data Center or Server versions are running in your environment.

  2. Apply Updates: Apply the latest version or one of the fixed LTS versions listed below:

    Confluence Data Center and Server:

    • 7.19.17 (LTS)
    • 8.4.5
    • 8.5.4 (LTS)

    Confluence Data Center:

    • 8.6.2 or later (Data Center Only)
    • 8.7.1 or later (Data Center Only)
  3. Monitor for Anomalies: Continuously monitor your Confluence instances for any suspicious activity or unauthorized access attempts.
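Step 1 is mostly a version-comparison exercise, but the fix matrix has an edge that is easy to get wrong: a release line with no listed fix (7.13.x, 8.0.x to 8.3.x, and so on) is vulnerable at every patch level and must move to a different line, while anything newer than 8.7.1 already carries the fix. The script below encodes that matrix and triages an inventory of version strings. It is an added example, not Atlassian's tooling; the inventory is constructed, and the `ajs-version-number` meta tag it looks for is an assumption about Confluence page markup, to be treated as a hint rather than an authoritative source.

```python
"""Triage Confluence Data Center / Server versions against the
CVE-2023-22522 fix matrix from the advisory above."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory. A version is fixed if it is at or above
# the listed release in the same major.minor line. Lines with no entry
# (for example 7.13.x or 8.0.x-8.3.x) have no fix and must move to a fixed line.
FIXED_LINES: Dict[Tuple[int, int], Version] = {
    (7, 19): (7, 19, 17),  # LTS, Data Center and Server
    (8, 4): (8, 4, 5),     # Data Center and Server
    (8, 5): (8, 5, 4),     # LTS, Data Center and Server
    (8, 6): (8, 6, 2),     # Data Center only
    (8, 7): (8, 7, 1),     # Data Center only
}
FIRST_AFFECTED: Version = (4, 0, 0)
# "8.7.1 or later": any release newer than the last fixed line carries the fix.
NEWEST_FIX: Version = (8, 7, 1)


def parse_version(text: str) -> Version:
    """'8.5.3', '8.5', '7.19.17-SNAPSHOT' -> (major, minor, patch)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def assess(text: str) -> Tuple[bool, str]:
    """Return (vulnerable, recommendation) for one instance's version string."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False, "not in the affected range (pre-4.0.0; unsupported, upgrade anyway)"
    if v >= NEWEST_FIX:
        return False, "fixed"
    fixed = FIXED_LINES.get((v[0], v[1]))
    if fixed is None:
        # No patch exists for this line at any level; it must change lines.
        return True, "no fix in this line; upgrade to 7.19.17, 8.4.5, 8.5.4 or newer"
    if v >= fixed:
        return False, "fixed"
    return True, f"upgrade to {fmt(fixed)} or later in the {v[0]}.{v[1]} line"


# Assumption (not from the advisory): Confluence pages expose the running
# version in a meta tag named ajs-version-number. Treat it as a hint only;
# the admin console is the authoritative source.
META_RE = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"')


def version_from_html(html: str) -> Optional[str]:
    m = META_RE.search(html)
    return m.group(1) if m else None


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[bool, str]]:
    """Map each instance name in the inventory to its assessment."""
    return {name: assess(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration; not real hosts.
    INVENTORY = {
        "wiki-prod": "8.5.3",
        "wiki-dc": "8.7.0",
        "wiki-legacy": "7.13.2",
        "wiki-new": "8.6.2",
    }
    for name, (vuln, advice) in triage(INVENTORY).items():
        state = "VULNERABLE" if vuln else "ok"
        print(f"{name:12} {INVENTORY[name]:8} {state:10} {advice}")
```

Feed `triage` the versions from your own inventory (CMDB export, admin console, or the meta-tag hint) and act on every entry marked vulnerable; an instance on an unlisted line needs a line change, not just a patch.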

Additional Considerations

  • If you cannot apply the updates immediately, back up your instance now, so that a known-good copy exists before any compromise and can be restored if one occurs.

  • Remove your instance from the internet until you can patch. Because the vulnerability is reachable by anyone with anonymous access, requiring user authentication is not sufficient protection: any instance reachable from the public internet, authenticated or not, should be cut off from external network access until it is patched.

Conclusion

The CVE-2023-22522 vulnerability is a critical security risk that requires prompt attention. By following the recommended mitigation steps and maintaining vigilance, you can effectively protect your Confluence instances from potential exploitation.