"Atlassian Warns of Critical RCE Flaw in Older Confluence Versions"

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical Remote Code Execution (RCE) flaw that affects all versions released before December 5, 2023, including out-of-support releases. The vulnerability, tracked as CVE-2023-22527 with a CVSS v3 score of 10.0, is a template injection vulnerability that allows unauthenticated attackers to carry out RCE on impacted Confluence endpoints. The many potential entry points and ability to use the flaw in chained attacks widen its scope to the point where it is difficult to identify definitive exploitation signs. This article continues to discuss the potential exploitation and impact of the critical RCE vulnerability. 

Bleeping Computer reports "Atlassian Warns of Critical RCE Flaw in Older Confluence Versions"

Submitted by grigby1