OVERVIEW

A critical remote code execution vulnerability (CVE-2023-22527), found in outdated Atlassian Confluence servers, is currently being exploited by attackers. This flaw, given a CVSS score of 10, exposes vulnerable Confluence Data Center and Confluence Server endpoints (versions 8.0.x to 8.5.3) to unauthenticated remote code execution.  

CVE-2023-22527 allows attackers to execute code and gather system information, impacting Confluence versions released before December 5, 2023. Exploitation relies on a template injection weakness, which gives attackers the ability to execute code. So far, thousands of exploitation attempts have been recorded, originating from over 600 unique IP addresses, with over 39,000 attempts logged. Most attacks have been traced back to Russian IP addresses.

Fortunately, there is a fix available for Confluence Data Center and Server versions 8.5.4 (LTS), 8.6.0 (Data Center only), and 8.7.1 (Data Center only) and later versions. Please note that end-of-life instances (version 8.4.5 and before) are affected and won't receive a patch. Avertium recommends that all users patch as soon as possible, as there are no mitigations or workarounds available.

 

 

AVERTIUM'S RECOMMENDATIONS

  • Avertium recommends adhering to the patching guidelines found in Atlassian’s Advisory under “What You Need to Do.”
  • If you already upgraded to the Confluence versions released in Atlassian’s December update, then you don’t need to do anything further.
  • Confluence end-of-life versions 8.4.5 and prior will not receive patches.
    • Cloud instances are not impacted.  

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-22527. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
    • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
    • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
    • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).





 

SUPPORTING DOCUMENTATION

Hackers start exploiting critical Atlassian Confluence RCE flaw (bleepingcomputer.com) 

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server | Atlassian Support | Atlassian Documentation 

Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE (darkreading.com) 

CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server | Atlassian Support | Atlassian Documentation 

 
