Theia


Atlassian Addresses Critical Vulnerability CVE-2023-22527 in Confluence and Jira Products


Atlassian has resolved vulnerabilities in several products, including Confluence and Jira, most notably CVE-2023-22527, which has the maximum CVSS score of 10. Proof-of-concept code has been released, which increases the urgency and has prompted the National Cyber Security Centre (NCSC) to raise its threat assessment to 'High/High'.

This indicates a significant risk of exploitation and potential damage. The vulnerability allows arbitrary code execution through template injection on vulnerable Confluence Data Center and Server systems without requiring login credentials.

Systems directly connected to the internet are easily discoverable by malicious actors, heightening the risk of exploitation. According to the Shadowserver Foundation, over 180 Atlassian Confluence environments have been identified in the Netherlands. The vulnerability affects Confluence Data Center & Server versions released prior to December 5, 2023, including version 8.4.5.

Jan 21, 2026, 6:00 AM