CVE-2023-22508
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program.
Esta vulnerabilidad RCE (ejecución remota de código) de alta gravedad conocida como CVE-2023-22508 se introdujo en la versión 6.1.0 de Confluence Data Center & Server. Esta vulnerabilidad RCE (ejecución remota de código), con una puntuación CVSS de 8.5, permite a un atacante autenticado ejecutar código arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y ninguna interacción del usuario. Atlassian recomienda actualizar su instancia para evitar este error utilizando las siguientes opciones: * Actualizar a una versión de función de Confluence mayor o igual a 8.2.0 (es decir, 8.2, 8.2, 8.4, etc...) * Actualizar a una versión de corrección de errores de Confluence 7.19 LTS mayor o igual a 7.19.8 (es decir: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc.) * Actualice a una versión de corrección de errores Confluence 7.13 LTS mayor o igual a 13.7.20 (Lanzamiento disponible a principios de agosto) Consulte las notas de la versión (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). Puede descargar la última versión de Data Center & Server desde el centro de descargas (https://www.atlassian.com/software/confluence/download-archives). Si no puede actualizar su instancia, utilice la siguiente guía para solucionar el problema https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html Esta vulnerabilidad fue descubierta por un usuario privado y reportada a través de nuestro programa Bug Bounty.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-01-01 CVE Reserved
- 2023-07-18 CVE Published
- 2024-07-24 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jira.atlassian.com/browse/CONFSERVER-88221 | 2023-12-21 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Atlassian Search vendor "Atlassian" | Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center" | >= 6.1.0 < 7.13.20 Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 6.1.0 < 7.13.20" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center" | >= 7.14.0 < 7.19.8 Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 7.14.0 < 7.19.8" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center" | >= 7.20.0 < 8.2.0 Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 7.20.0 < 8.2.0" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Confluence Server Search vendor "Atlassian" for product "Confluence Server" | >= 6.1.0 < 7.13.20 Search vendor "Atlassian" for product "Confluence Server" and version " >= 6.1.0 < 7.13.20" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Confluence Server Search vendor "Atlassian" for product "Confluence Server" | >= 7.14.0 < 7.19.8 Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.14.0 < 7.19.8" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Confluence Server Search vendor "Atlassian" for product "Confluence Server" | >= 7.20.0 < 8.2.0 Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.20.0 < 8.2.0" | - |
Affected
| ||||||