CVE-2023-22527
Description
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.
Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Severity: CRITICAL
CVE ID: CVE-2023-22527
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVE ID: CVE-2023-22527
CVSS Score: 10.0
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-22527
Reference: Project Discovery GitHub
Avento
CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC
Reference: GitHub
Sudistark
Reference: GitHub
ga0we1
CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC
Reference: GitHub
Drun1baby
Reference: GitHub
cleverg0d
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.
Reference: GitHub
thanhlam-attt
Reference: GitHub
Manh130902
A critical severity Remote Code Execution (RCE) vulnerability (CVE-2023-22527) was discovered in Confluence Server and Data Center.
Reference: GitHub
VNCERT-CC
[Confluence] CVE-2023-22527 realworld poc
Reference: GitHub
Vozec
This repository presents a proof-of-concept of CVE-2023-22527
Reference: GitHub
C1ph3rX13
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
Reference: GitHub
Niuwoo
POC
Reference: GitHub
Chocapikk
Atlassian Confluence - Remote Code Execution
Reference: GitHub
RevoltSecurities
An exploitation tool to exploit Confluence servers that are vulnerable to CVE-2023-22527, leading to RCE
Reference: GitHub
yoryio
Exploit for CVE-2023-22527 - Atlassian Confluence Data Center and Server
Reference: GitHub
Privia-Security
CVE-2023-22527
Reference: GitHub
MaanVader
Atlassian Confluence Remote Code Execution (RCE) Proof Of Concept
Reference: GitHub
adminlove520
CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC
Reference: GitHub
YongYe-Security
CVE-2023-22527 Batch scanning
Reference: GitHub
Boogipop
CVE-2023-22527 in-memory webshell injection tool
Reference: GitHub
M0untainShley
Confluence CVE-2023-22527 exploitation tool; supports Behinder/Godzilla in-memory webshell injection and setting an HTTP proxy
Reference: GitHub
vulncheck-oss
Three go-exploits exploiting CVE-2023-22527 to execute arbitrary code in memory
Reference: GitHub
Content on GitHub
gobysec | watchers:678
GobyVuls
Vulnerabilities of Goby supported with exploitation.
Reference: GitHub
gobysec | watchers:1337
Goby
Attack surface mapping
Reference: GitHub