Atlassian Confluence Remote Code Execution (CVE-2023-22527)
Description
What is the Vulnerability? |
On Jan 16 2024, Atlassian released an advisory for a template injection vulnerability on Confluence Data Center and Server. That can allow an unauthenticated attacker to remotely execute malicious code on affected versions. This vulnerability is rated with a severity level of 10.0 (Critical).
|
What is the Vendor Solution? | Atlassian highly recommend to apply the latest version available as listed on their advisory. [ Link ] |
What FortiGuard Coverage is available? |
FortiGuard Labs has an IPS signature "Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution" in place for CVE-2023-22527. The FortiGuard is seeing active exploitation attempts on this vulnerability. |
Appendix
Atlassian (Advisory and Mitigation)
✖