CVE-2023-22527: Critical Severity RCE Vulnerability In Confluence Data Center and Confluence Server
On January 16, Atlassian released a security advisory for CVE-2023-22527, a critical severity remote code execution (RCE) vulnerability affecting Confluence Data Center and Confluence Server. Atlassian assigned the vulnerability the maximum CVSS score of 10 and notes that “Customers using an affected version must take immediate action.”
Atlassian clarifies that the vulnerability affects older 8.x releases of Confluence Data Center and Server, specifically those released before December 5, 2023. Version 8.4.5, which according to Atlassian no longer receives backported fixes, is also affected.
The vulnerability affects the following Confluence Data Center and Confluence Server versions:
- 8.0.x
- 8.1.x
- 8.2.x
- 8.3.x
- 8.4.x
- 8.5.0-8.5.3
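To apply that list to an inventory without hand-checking each host, here is an added example (not part of the Tenable post and not an Atlassian or Tenable tool) that parses the advisory's own range notation ("8.4.x", "8.5.0-8.5.3") and compares a Confluence version against it as integer tuples rather than strings, so that 8.5.10 is correctly treated as later than 8.5.3. The sample HTML and the `ajs-version-number` meta tag it reads are assumptions made for the example; confirm against your own instance. A version outside the ranges is reported only as "not in listed ranges", not as confirmed fixed.

```python
"""Check Confluence version strings against the affected ranges in an advisory."""
import re
import urllib.request
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as the post lists them. "8.4.x" means any 8.4 patch
# level; "8.5.0-8.5.3" is an inclusive range. Anything outside these ranges is
# only "not in the listed ranges", which is not the same as confirmed fixed.
AFFECTED_LIST = ["8.0.x", "8.1.x", "8.2.x", "8.3.x", "8.4.x", "8.5.0-8.5.3"]

WILDCARD = 10**6  # stands in for "any patch level" when an entry ends in .x


def parse_version(text: str) -> Version:
    """Parse '8.5.3', '8.5' or '8.5.3-suffix' into a comparable int tuple.

    Integer comparison matters: as strings, '8.5.10' < '8.5.3'.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def parse_range(entry: str) -> Tuple[Version, Version]:
    """Turn one advisory list entry into an inclusive (low, high) pair."""
    entry = entry.strip()
    if "-" in entry:                       # "8.5.0-8.5.3"
        lo, hi = entry.split("-", 1)
        return parse_version(lo), parse_version(hi)
    if entry.endswith(".x"):               # "8.4.x"
        major, minor = (int(p) for p in entry[:-2].split("."))
        return (major, minor, 0), (major, minor, WILDCARD)
    v = parse_version(entry)               # a single exact version
    return v, v


def is_affected(version: str, entries: List[str] = AFFECTED_LIST) -> bool:
    """True if `version` falls inside any range listed in `entries`."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in map(parse_range, entries))


# Constructed sample of a Confluence response body (not captured from a real
# host). The ajs-version-number meta tag is an assumption to verify locally.
SAMPLE_HTML = """<html><head>
<meta name="ajs-version-number" content="8.5.3">
<meta name="ajs-build-number" content="9012">
</head><body>...</body></html>"""


def version_from_html(html: str) -> Optional[str]:
    """Pull the version out of the ajs-version-number meta tag, if present."""
    m = re.search(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', html)
    return m.group(1) if m else None


def classify(html: str) -> str:
    """Return 'affected', 'not-in-listed-ranges' or 'unknown' for one response body."""
    version = version_from_html(html)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not-in-listed-ranges"


def check_instance(base_url: str, timeout: float = 10.0) -> str:
    """Fetch the login page of a Confluence instance you own and classify it.

    Network call; not exercised in the offline demo below.
    """
    with urllib.request.urlopen(base_url.rstrip("/") + "/login.action", timeout=timeout) as resp:
        return classify(resp.read().decode("utf-8", errors="replace"))


if __name__ == "__main__":
    for v in ("8.0.0", "8.4.5", "8.5.3", "8.5.4", "8.5.10", "7.19.17"):
        print(f"{v:>8}: {'affected' if is_affected(v) else 'not in listed ranges'}")
    print("sample page:", classify(SAMPLE_HTML))
```

Because `parse_range` understands the same notation the advisory uses, the `AFFECTED_LIST` can be replaced with the list from a later advisory without touching the comparison logic.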
Atlassian does not mention in-the-wild exploitation. However, according to their Frequently Asked Questions article, they highly recommend patching this vulnerability as soon as possible, even if your Confluence instance is not exposed to the public internet.
Tenable Research continues to monitor this vulnerability and plugin coverage is expected to be released very soon. You can check for coverage by visiting the dedicated CVE page for CVE-2023-22527. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.