Vulnerabilities in Atlassian Confluence Data Center and Confluence Server could lead to remote code execution.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has released a critical alert concerning a remote code execution vulnerability in Atlassian Confluence Data Center and Confluence Server.
The ACSC is asking users of the Atlassian software to upgrade immediately.
“CVE-2023-22527 is a template injection vulnerability, in all but the most recent versions of Confluence Data Center and Server, that allows an unauthenticated attacker to achieve RCE,” the ACSC said in its alert notice.
“Affected versions include Server 8 versions released before 05 December 2023 and 8.4.5.”
According to the ACSC, the bug is not being actively exploited. Atlassian has also released its own advice.
“If you are on an out-of-date version, you must immediately patch,” Atlassian said in a security update.
“Atlassian recommends that you patch each of your affected installations to the latest version available. The listed Fixed Versions are no longer the most up-to-date and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin.”
Security researcher Petrus Viet discovered and shared the flaw via Atlassian’s bug bounty program.
“I discovered the CVE-2023-22527 vulnerability leading to unauthenticated RCE on Confluence,” Viet wrote in a post on X.
“Unfortunately, it couldn’t be exploited on the latest versions. Nevertheless, Atlassian still awarded me a bounty as an encouragement. So nice.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.