A new remote code execution vulnerability has been found in Confluence Data Center and Server. CVE-2023-22522, exploited using template injection, allows authenticated attackers (including those with anonymous access) to inject malicious user input into Confluence pages. What’s more, this vulnerability affects all versions of Confluence, starting from 4.0.0!
Atlassian rated this vulnerability a hefty 9.0 on the CVSS scale, branding it a critical flaw, and urged users to patch their software immediately.
Impact
Successful exploitation of this vulnerability can result in remote code being executed on the affected Confluence server.
Affected Versions
| Product | Affected Versions |
|---|---|
| Confluence Data Center and Server | 4.x.x, 5.x.x, 6.x.x, 7.x.x, 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3 |
| Confluence Data Center | 8.6.0, 8.6.1 |
Solution
A few mitigations are provided. You should back up your instance by following the steps provided in the linked documentation. Removing your instance from the internet until you can update it is also recommended.
Luckily for us, this vulnerability already has patches. We’ve displayed the fixed versions below.
| Product | Fixed Versions |
|---|---|
| Confluence Data Center and Server | 7.19.17 (LTS), 8.4.5, 8.5.4 (LTS) |
| Confluence Data Center | 8.6.2 or later (Data Center only), 8.7.1 or later (Data Center only) |
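The two tables above are easy to misread when triaging an estate of Confluence hosts, because each release line has its own first fixed build. The following script is an added example (not code from the advisory or from Atlassian) that encodes the affected and fixed versions exactly as listed above and classifies a version string as affected, fixed, or not listed. Versions the tables do not mention (for example 8.7.0, or anything outside 4.x to 8.7.x) are reported as "not listed" rather than guessed. The inventory at the bottom is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# First fixed build on each release line, per the "Fixed Versions" table above.
FIXED: Dict[Tuple[int, int], Version] = {
    (7, 19): (7, 19, 17),
    (8, 4): (8, 4, 5),
    (8, 5): (8, 5, 4),
    (8, 6): (8, 6, 2),   # Data Center only
    (8, 7): (8, 7, 1),   # Data Center only
}


def _whole_line_affected(major: int, minor: int) -> bool:
    """Release lines the advisory lists as affected with no fixed build on that line."""
    if 4 <= major <= 6:                      # 4.x.x, 5.x.x, 6.x.x
        return True
    if major == 7 and minor != 19:           # 7.x.x except the 7.19 LTS line
        return True
    if major == 8 and 0 <= minor <= 3:       # 8.0.x through 8.3.x
        return True
    return False


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a comparable tuple; reject anything else."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one Confluence version."""
    major, minor, patch = parse_version(version_text)
    if _whole_line_affected(major, minor):
        return "affected"
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "not listed"                  # e.g. 3.x or 8.8+: outside the tables
    if (major, minor, patch) >= fixed:
        return "fixed"
    if (major, minor) == (8, 7):
        return "not listed"                  # 8.7.0 appears in neither table
    return "affected"                        # below the first fixed build on a listed line


def triage_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map host name -> status for a list of (host, version) pairs."""
    return {host: assess(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = [
        ("wiki-prod-01", "8.5.3"),
        ("wiki-prod-02", "8.5.4"),
        ("wiki-legacy", "7.19.16"),
        ("wiki-dc-01", "8.6.1"),
        ("wiki-dc-02", "8.7.1"),
    ]
    for host, status in triage_inventory(sample).items():
        print(f"{host:14} {status}")
```

Run it against your own inventory export; any host reported as "affected" should be taken off the internet and upgraded to the fixed build on its line, as the advisory recommends.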
The good news is that Atlassian Cloud sites are unaffected by this vulnerability! You don’t need to worry about this flaw if you use an atlassian.net domain to access Confluence. However, it’s still a good idea to keep your version of Confluence up to date. A patch management tool can help you with that.
You can install these patches using SanerNow. SanerNow Vulnerability Management, Risk Prioritization, and Patch Management detect and automatically fix vulnerabilities with risk-based remediation. With SanerNow, you can keep your systems updated and secure.