Published: January 23, 2024


An RCE (Remote Code Execution) vulnerability, CVE-2023-22527 (CVSS score: 10.0), has been disclosed by Atlassian in their Confluence Data Center and Confluence Server. The vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible installations. According to security researchers, thousands of attempts were made to attack vulnerable servers in the last three days.


A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Atlassian rates the severity level of this vulnerability as critical (10.0 with the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per their internal assessment.

Applicable Versions

Affected VersionsNot Affected Versions
Confluence Data Center and Server
8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3
Confluence Data Center and Server
8.5.4 (LTS)
Confluence Data Center
8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3
Confluence Data Center
8.6.0 (Data Center Only), 8.7.1 (Data Center Only)

Mitigations and Workarounds

There are no known workarounds. To remediate this vulnerability, update each affected product installation to the latest version.

Best Practices

It is recommended to perform vulnerability assessments regularly and apply missing patches or upgrades.

Netsurion Detection and Response

Netsurion researchers are continuously monitoring the exploits of this vulnerability. Netsurion’s vulnerability management system will detect the vulnerability CVE-2023-22527 for customers who have subscribed to Netsurion Vulnerability Management.