CVEs: CVE-2023-22527
Fortra is researching a new template injection vulnerability affecting out-of-date versions of Confluence Data Center and Confluence Server. By exploiting this vulnerability (CVE-2023-22527), an unauthenticated attacker can achieve remote code execution. Customers are advised to update to a patched version of Confluence Data Center and Server as soon as possible to resolve this vulnerability.
Who is affected?
Anyone using Confluence Data Center and Server between version 8.0.x and 8.5.3 is vulnerable.
What can I do?
Atlassian recommends immediately upgrading to a fixed version or the latest version of Confluence Data Center and Server, as listed below.
| Product | Fixed Versions | Latest Versions |
| --- | --- | --- |
| Confluence Data Center and Server | 8.5.4 | 8.5.5 |
| Confluence Data Center | 8.6.0, 8.7.1 (Data Center only) | 8.7.2 (Data Center only) |
For more information about the vulnerability and patched versions, refer to Atlassian's security bulletin.
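The version range and fixed-version table above are the whole basis for banner-based exposure checks, so it is worth encoding them precisely: a missing patch component ("8.5") must still compare as inside the affected range, and a version newer than 8.5.3 is only "fixed" if it is one of the listed releases. The following is an added example, not Fortra's, Alert Logic's or Atlassian's own code. It assumes the advisory's list is complete (Atlassian's bulletin is authoritative) and that Confluence prints its version in a footer element with id "footer-build-information"; the HTML footers below are constructed samples.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected range and fixed versions exactly as this advisory states them.
# Assumption: the advisory's table is complete; Atlassian's bulletin is authoritative.
AFFECTED_MIN: Version = (8, 0, 0)   # "8.0.x"
AFFECTED_MAX: Version = (8, 5, 3)   # "... and 8.5.3"
FIXED_VERSIONS = {(8, 5, 4), (8, 5, 5), (8, 6, 0), (8, 7, 1), (8, 7, 2)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor[.patch]' into a comparable tuple; None if unparseable.

    A missing patch component is treated as 0, so '8.5' compares as 8.5.0 and
    therefore falls inside the affected range. Trailing qualifiers are ignored.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(version_text: str) -> str:
    """Return 'vulnerable', 'fixed', 'outside-advisory-range' or 'unknown'.

    Only versions inside 8.0.0..8.5.3 are reported vulnerable, matching the
    advisory; anything else is either an explicitly listed fixed release or
    outside what this advisory covers (for example 7.19.x LTS builds).
    """
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "vulnerable"
    if v in FIXED_VERSIONS:
        return "fixed"
    return "outside-advisory-range"


# Assumption: the Confluence page footer exposes the build version in an element
# with id "footer-build-information". The samples below are constructed, not captured.
_FOOTER_RE = re.compile(r'id="footer-build-information"[^>]*>\s*([\d.]+)')


def assess_banner(html: str) -> Tuple[Optional[str], str]:
    """Extract the version from a Confluence footer and classify it."""
    m = _FOOTER_RE.search(html)
    if not m:
        return (None, "unknown")
    ver = m.group(1)
    return (ver, classify(ver))


SAMPLE_FOOTER_VULNERABLE = '<span id="footer-build-information">8.5.3</span>'
SAMPLE_FOOTER_FIXED = '<span id="footer-build-information">8.5.5</span>'

if __name__ == "__main__":
    for html in (SAMPLE_FOOTER_VULNERABLE, SAMPLE_FOOTER_FIXED):
        print(assess_banner(html))
```

Banner checks of this kind only report what the footer claims; an instance with the version string removed or customised comes back as "unknown" rather than "not vulnerable", and should be confirmed by another method.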
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities in addition to those listed below.
Alert Logic Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Alert Logic Network IDS: Alert Logic released IDS telemetry on January 22, 2024, to monitor for CVE-2023-22527 exploit activity.
Alert Logic Vulnerability Scanning: Alert Logic released scan coverage via banner detection on January 22, 2024. If the vulnerability is found, an exposure (EID: 251725) will be raised for CVE-2023-22527.
Core Impact: On January 26, 2024, "Atlassian Confluence text-inline OGNL Injection Vulnerability Exploit" (CVE-2023-22527, CVSS 10, Critical) was delivered to Core Impact customers.
It exploits the OGNL injection vulnerability in Atlassian Confluence that allows unauthenticated remote attackers to execute OS commands. The exploit was tested against Atlassian Confluence 8.5.3 running on Windows Server 2022 Datacenter and on Ubuntu Linux.
Tripwire IP360: Tripwire released unauthenticated scan coverage on January 24, 2024, to identify vulnerable instances. If the vulnerability is found, vulnerability 602428 will match for CVE-2023-22527.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.