Atlassian has warned of a critical vulnerability in out-of-date Confluence Data Center and Server versions, tracked as CVE-2023-22527, that could be exploited for remote code execution without authentication. The issue is described as a template injection flaw and has a CVSS score of 10. All out-of-date Confluence 8 versions released before Dec. 5, 2023, and Confluence version 8.4.5 are impacted. Confluence 7.19.x Long Term Support (LTS) versions and Atlassian Cloud instances are not affected. Atlassian urges customers to update to the latest Confluence versions (8.5.5 LTS and 8.7.2), and the patches will be backported to all LTS versions that have not reached end-of-life.