// For flags

CVE-2023-22505

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.

Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).]

This vulnerability was discovered by a private user and reported via our Bug Bounty program.

*Credits: a private user
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-01-01 CVE Reserved
  • 2023-07-18 CVE Published
  • 2024-07-24 EPSS Updated
  • 2024-10-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://jira.atlassian.com/browse/CONFSERVER-88265 2023-07-31
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Atlassian
Search vendor "Atlassian"
 Confluence Data Center
Search vendor "Atlassian" for product "Confluence Data Center"
 >= 8.0.0 < 8.3.2
Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 8.0.0 < 8.3.2"
-
Affected
Atlassian
Search vendor "Atlassian"
 Confluence Server
Search vendor "Atlassian" for product "Confluence Server"
 >= 8.0.0 < 8.3.2
Search vendor "Atlassian" for product "Confluence Server" and version " >= 8.0.0 < 8.3.2"
-
Affected