CVE-2023-22527
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 01, 2023
- Published Date: January 16, 2024
- Last Updated: February 13, 2025
- Vendor: Atlassian
- Product: Confluence Data Center, Confluence Server
- Description: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
CVSS Scores
CVSS v3.0
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SSVC Information
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2024-01-24 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb | 2025-04-29 11:01:20 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22527.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
atlassian_confluence_rce_cve_2023_22527
Type: metasploit • Created: Unknown
M0untainShley/CVE-2023-22527-MEMSHELL
Type: github • Created: 2024-02-26 02:34:44 UTC • Stars: 40
Boogipop/CVE-2023-22527-Godzilla-MEMSHELL
Type: github • Created: 2024-02-11 16:46:55 UTC • Stars: 74
adminlove520/CVE-2023-22527
Type: github • Created: 2024-01-25 10:52:39 UTC • Stars: 5
Privia-Security/CVE-2023-22527
Type: github • Created: 2024-01-24 21:29:59 UTC • Stars: 4
yoryio/CVE-2023-22527
Type: github • Created: 2024-01-24 04:44:59 UTC • Stars: 4
RevoltSecurities/CVE-2023-22527
Type: github • Created: 2024-01-23 17:07:15 UTC • Stars: 10
Chocapikk/CVE-2023-22527
Type: github • Created: 2024-01-23 10:55:28 UTC • Stars: 10
Niuwoo/CVE-2023-22527
Type: github • Created: 2024-01-23 09:28:53 UTC • Stars: 2
C1ph3rX13/CVE-2023-22527
Type: github • Created: 2024-01-23 08:53:46 UTC • Stars: 4
Vozec/CVE-2023-22527
Type: github • Created: 2024-01-23 08:06:15 UTC • Stars: 12
VNCERT-CC/CVE-2023-22527-confluence
Type: github • Created: 2024-01-23 07:10:55 UTC • Stars: 19
Manh130902/CVE-2023-22527-POC
Type: github • Created: 2024-01-23 02:17:36 UTC • Stars: 21
thanhlam-attt/CVE-2023-22527
Type: github • Created: 2024-01-22 19:02:59 UTC • Stars: 5
Drun1baby/CVE-2023-22527
Type: github • Created: 2024-01-22 11:38:55 UTC • Stars: 2
ga0we1/CVE-2023-22527_Confluence_RCE
Type: github • Created: 2024-01-17 10:21:00 UTC • Stars: 1
Sudistark/patch-diff-CVE-2023-22527
Type: github • Created: 2024-01-16 13:50:49 UTC • Stars: 3
Avento/CVE-2023-22527_Confluence_RCE
Type: github • Created: 2024-01-16 08:46:21 UTC • Stars: 24