CVE-2023-22522
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 6, 2023
Updated: Dec 11, 2023
CWE ID 74
Summary
CVE-2023-22522 is a template injection vulnerability affecting Confluence Data Center and Server. An authenticated attacker, including one with anonymous access, can inject unsafe user input into a Confluence page, leading to remote code execution (RCE). Confluence instances with publicly accessible IP addresses are at risk and require immediate attention. Atlassian Cloud sites are hosted by Atlassian and are not affected by this vulnerability.