- Description
- A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
- Source
- security@atlassian.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Atlassian Confluence Data Center and Server Template Injection Vulnerability
- Exploit added on
- Jan 24, 2024
- Exploit action due
- Feb 14, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
A critical vulnerability in Confluence (CVE-2023-22527) led to a rapid LockBit ransomware attack on Windows servers, exploiting tools like Mimikatz and RDP for swift lateral movement. 🚨💻 #LockBit #Confluence #USA link: https://t.co/wUi1GcKViX https://t.co/4xMQUyjxgO
@TweetThreatNews
26 Feb 2025
16 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Ransomware alert! Hackers are actively exploiting it to deploy LockBit ransomware. CVE-2023-22527: Critical Remote Code Execution vulnerability in Atlassian Confluence, allowing unauthenticated attackers to execute arbitrary code on affected servers. First… https:
@Loginsoft_Inc
25 Feb 2025
85 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber Threat Alert: Confluence Flaw to LockBit Exploit A critical Confluence vulnerability (CVE-2023-22527) is being exploited in a swift attack chain leading to LockBit ransomware encryption. https://t.co/jugiWblQVB #Cybersecurity #Ransomware
@adriananglin
25 Feb 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Confluence Vulnerability (CVE-2023-22527) to LockBit Encryption: A Rapid Attack Chain Uncover the details of the LockBit encryption attack using remote code execution vulnerabilities in Confluence. Learn more https://t.co/EMaqpAUs8L
@the_yellow_fall
25 Feb 2025
402 Impressions
2 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
The intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment. https://t.co/odkkfaphoW
@ngnicky
24 Feb 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new article from The DFIR Report provides details of an intrusion that began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment. https://t.co/Ug0XDN1qbV https://t.co/
@virusbtn
24 Feb 2025
2378 Impressions
18 Retweets
56 Likes
11 Bookmarks
0 Replies
1 Quote
🚨 Threat Alert: Confluence Exploit Leads to LockBit Ransomware 📅 Date: 2024-02-01 📆 Timeline: Exploitation of CVE-2023-22527 began on February 1, 2024, resulting in a rapid ransomware deployment within 2 hours. 📌 Attribution: LockBit affiliates, known for exploiting various…
@syedaquib77
24 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Confluence Exploit Leads to LockBit Ransomware https://t.co/1QiaHZ13ql Key Takeaways Case Summary The intrusion started with the exploitation of CVE-2023-22527, a critical remote code execution vulnerability in Confluence, against a Windows server. The first indication of threa…
@f1tym1
24 Feb 2025
35 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Our latest research uncovers the tactics of three threat actors exploiting CVE-2023-22527 in Confluence Data Center and Server. From deploying XMRig miners to targeting SSH endpoints, we dissect their methods. Check out the full article:
@TrendMicro
1 Dec 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-22527
@transilienceai
18 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2023-22527
@transilienceai
17 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Micro Search: Attacker Abuses Victim Resources to Reap Rewards from Titan Network: In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan… https://t.co/qKQAcsSYcW Check it out!
@jrimer2008
30 Oct 2024
48 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining https://t.co/48aGRRfmwg
@Dinosn
30 Oct 2024
5919 Impressions
35 Retweets
85 Likes
27 Bookmarks
3 Replies
1 Quote
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining Learn about the disclosed #Atlassian #Confluence vulnerability and how attackers exploit it to hijack victim resources and conduct cryptomining activity on compromised systems https://t.co/MglnLAPxlr
@the_yellow_fall
30 Oct 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98686E6C-5D52-4EDB-A580-CE01009BADBA",
"versionEndExcluding": "8.5.4",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FED19C83-6D8B-45B1-AAC3-F4C6B12C0E4D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82C2F4B6-A251-4D8B-8624-99079E50E331",
"versionEndExcluding": "8.5.4",
"versionStartIncluding": "8.0.0"
}
],
"operator": "OR"
}
]
}
]