CVE-2023-22522

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 6, 2023
Updated: Dec 11, 2023
CWE ID 74

Summary

CVE-2023-22522 is a Template Injection vulnerability that allows an authenticated attacker to inject unsafe user input into a Confluence page, resulting in Remote Code Execution (RCE). This vulnerability affects publicly accessible Confluence Data Center and Server versions. Atlassian Cloud sites hosted by Atlassian are not affected. The recommended remediation is to apply the necessary security patches or updates provided by Atlassian. The potential danger of this vulnerability is high, as it allows attackers to execute arbitrary code on the affected instance, potentially leading to unauthorized access, data breaches, and other malicious activities.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-22522 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options