Confluence Data Center and Confluence Server RCE Vulnerability - 20240117002
Overview
A template injection vulnerability in out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve remote code execution (RCE) on an affected instance. Customers using an affected version must take immediate action.
What is vulnerable?
Product(s) Affected | Summary | CVE | Severity | CVSS |
---|---|---|---|---|
Confluence Data Center and Server | This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023, as well as 8.4.5, which no longer receives backported fixes in accordance with Atlassian's Security Bug Fix Policy. Atlassian recommends patching to the latest version. | CVE-2023-22527 | Critical | 10 |
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hrs... (refer to Patch Management):