SecuriXy.kz
9.3K subscribers
483 photos
22 videos
18 files
393 links
Все самое интересное из мира информ. безопасности и IT 👍🏻
Обсуждаем, делимся, умнеем
https://securixy.kz

Обратная связь - @feedback_securixy_bot

Хахатушки - @memekatz
Hack the Box RUS - @HTB_RUS
Download Telegram
#CVE-2023-22527 #RCE (Remote Code Execution) Vulnerability In #Confluence Data Center and Confluence Server with #CVSS v3: 10/10

Severity:
Atlassian rates the severity level of this vulnerability as critical (10.0 with the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per our internal assessment.
This is our assessment, and you should evaluate its applicability to your own IT environment.

Affected Versions:
This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5 which no longer receives backported fixes in accordance with our Security Bug Fix Policy. Atlassian recommends patching to the latest version.

Note: 7.19.x LTS versions are not affected by this vulnerability

Product
Confluence Data Center and Server

Affected Versions
8.0.x
8.1.x
8.2.x
8.3.x
8.4.x
8.5.0-8.5.3

https://www.opencve.io/cve/CVE-2023-22527

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

PoC: https://github.com/cleverg0d/CVE-2023-22527/tree/main