#CVE-2023-22527 #RCE (Remote Code Execution) Vulnerability In #Confluence Data Center and Confluence Server with #CVSS v3: 10/10

Severity:
Atlassian rates the severity level of this vulnerability as critical (10.0 with the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per our internal assessment.
This is our assessment, and you should evaluate its applicability to your own IT environment.

Affected Versions:
This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5 which no longer receives backported fixes in accordance with our Security Bug Fix Policy. Atlassian recommends patching to the latest version.

Note: 7.19.x LTS versions are not affected by this vulnerability

Product
Confluence Data Center and Server

Affected Versions
8.0.x
8.1.x
8.2.x
8.3.x
8.4.x
8.5.0-8.5.3

https://www.opencve.io/cve/CVE-2023-22527

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

PoC: https://github.com/cleverg0d/CVE-2023-22527/tree/main