CVE-2023-22522
Published: 06 December 2023
Summary
CVE-2023-22522 is a high-severity Injection (CWE-74) vulnerability in Atlassian Confluence Data Center and Server. Its CVSS base score is 8.8 (High).
It ranks in the top 5.0% of CVEs by estimated exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-22522 is a template injection vulnerability in Confluence Data Center and Server. An attacker can inject unsafe user input into a Confluence page; because page content is processed by the template engine, that input is interpreted as template code rather than as data. Atlassian's advisory singles out publicly accessible instances as requiring immediate attention and states that Atlassian Cloud sites (those served from an atlassian.net domain) are not affected.
An authenticated attacker can exploit the issue to achieve remote code execution on the server; on instances that allow anonymous access, no account is needed. The CVSS 3.1 base score of 8.8 reflects a network attack vector, low attack complexity, low privileges required (the authentication requirement above), no user interaction, and high impact to confidentiality, integrity, and availability.
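The root cause described above, untrusted text reaching the template engine as template source instead of as a data value, is easy to see in miniature. The following is an added example and not Confluence's code: the toy `render` engine is an assumption that evaluates every `${expr}` against its context, standing in for the expression language a real template engine exposes. `render_page_vulnerable` concatenates user content into the template source, `render_page_hardened` passes it as a context value only, and the constructed `PAYLOAD` shows the difference.

```python
"""Template injection modelled in miniature.

Added example, not Confluence code. The toy engine `render` is an assumption:
it resolves every ${expr} by evaluating expr against the render context, which
stands in for the reflective expression languages real template engines expose
and is what turns a template injection into code execution.
"""
import os
import re

_EXPR = re.compile(r"\$\{([^}]*)\}")


def render(template_source: str, context: dict) -> str:
    """Toy engine: each ${expr} in the source is evaluated and substituted.
    Substituted values are not re-scanned, so a value never becomes code."""
    def _evaluate(match):
        # Deliberately unsafe: this is the engine's expression evaluator.
        return str(eval(match.group(1), {}, dict(context)))
    return _EXPR.sub(_evaluate, template_source)


def render_page_vulnerable(user_body: str) -> str:
    """Vulnerable pattern: user-controlled text is concatenated into the
    template source, so any ${...} the user typed is evaluated by the engine."""
    source = "<h1>${title}</h1><div>" + user_body + "</div>"
    return render(source, {"title": "Page"})


def render_page_hardened(user_body: str) -> str:
    """Hardened pattern: the template source is a developer-written constant;
    user text enters only as a context value, so its ${...} sequences are
    emitted verbatim and never evaluated."""
    source = "<h1>${title}</h1><div>${body}</div>"
    return render(source, {"title": "Page", "body": user_body})


# Constructed attacker input: an expression that reaches out of the template
# into the host process. A real payload would walk the engine's object graph
# to a command-execution primitive; os.getpid() keeps the demo side-effect free.
PAYLOAD = "${__import__('os').getpid()}"


def attacker_code_ran(rendered: str) -> bool:
    """True if the rendered page contains the server's PID, i.e. the attacker's
    expression was evaluated inside the server process."""
    return str(os.getpid()) in rendered


if __name__ == "__main__":
    vuln = render_page_vulnerable(PAYLOAD)
    safe = render_page_hardened(PAYLOAD)
    print("vulnerable:", vuln, "-> attacker code ran:", attacker_code_ran(vuln))
    print("hardened:  ", safe, "-> attacker code ran:", attacker_code_ran(safe))
```

The fix is not escaping `$` or `{` in user text; it is keeping user text out of the template source entirely, which is also why the hardened version emits the payload unchanged and harmless.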
The referenced Atlassian advisory and associated Jira issue direct administrators to apply the patches listed for the impacted Confluence Server and Data Center versions and emphasize that immediate remediation is required for any exposed instances.
EPSS for the CVE rose from a low baseline to a peak of 0.4229 (an estimated 42% probability of exploitation within 30 days) before receding to the current value of 0.1620, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-26662
Vulnerability details
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
- CWE(s): CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'))
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Secure development: developer assessments and testing, including injection-focused techniques, identify improper neutralization of special elements, and verified flaw remediation corrects them before deployment.
- Attack monitoring: anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, template, etc.) in requests and logs.
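As an added example of the attack-monitoring control (not an Atlassian or NVD artifact), the script below scans request-log records for template-expression markers and for the reflection and process-execution tokens an attacker uses to escape from the expression language to code. The JSON-lines log format, the endpoints, and every log line are constructed for the demo; which template engine a given product embeds is an assumption to confirm per target, so the marker list covers several common engines.

```python
"""Detect template-injection attempts in web request logs.

Added example; the log format and all sample lines are constructed, and the
engine marker list is an assumption covering several common template engines.
"""
import json
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Opening syntax of the expression languages of common server-side template
# engines. Seeing one in user-supplied content is suspicious on its own.
MARKERS = [
    ("velocity-directive", re.compile(r"#(?:set|if|foreach|evaluate|parse|include)\s*\(")),
    ("dollar-brace (Velocity/FreeMarker/Thymeleaf)", re.compile(r"\$!?\{")),
    ("double-brace (Jinja2/Twig/Pebble)", re.compile(r"\{\{|\{%")),
    ("freemarker-directive", re.compile(r"<#[a-z]")),
]

# Tokens that appear when an expression tries to leave the template sandbox
# for reflection or process execution. Alone they are noise ("runtime error");
# together with a marker they indicate an RCE attempt.
ESCAPE_TOKENS = re.compile(
    r"getclass|forname|runtime|processbuilder|__import__|__class__|__subclasses__"
    r"|popen|\bexec\s*\(|\bsystem\s*\(",
    re.IGNORECASE,
)


def classify(text: str) -> Optional[Dict]:
    """Return marker/token hits and a severity for one decoded request field,
    or None when no template-expression marker is present."""
    markers = [name for name, rx in MARKERS if rx.search(text)]
    if not markers:
        return None
    tokens = sorted({t.lower() for t in ESCAPE_TOKENS.findall(text)})
    return {"markers": markers, "tokens": tokens,
            "severity": "high" if tokens else "medium"}


def scan(log_lines: List[str]) -> List[Dict]:
    """Scan JSON-lines request records. Fields are URL-decoded first so that
    %24%7B and %23set%28 are seen as ${ and #set( rather than slipping past."""
    findings = []
    for n, raw in enumerate(log_lines, start=1):
        rec = json.loads(raw)
        for field in ("path", "body"):
            hit = classify(unquote_plus(rec.get(field, "")))
            if hit:
                findings.append({"line": n, "src": rec.get("src"), "field": field, **hit})
    return findings


# Constructed sample log: two benign edits, a bare expression probe, a Velocity
# reflection chain, and a Python-style import/popen chain.
SAMPLE_LOG = [
    '{"src":"10.0.0.5","method":"POST","path":"/wiki/edit","body":"title=Roadmap&content=Budget+is+%2412m+for+Q3"}',
    '{"src":"10.0.0.8","method":"GET","path":"/wiki/view?id=42","body":""}',
    '{"src":"198.51.100.7","method":"POST","path":"/wiki/edit","body":"content=%7B%7B+user.name+%7D%7D"}',
    '{"src":"198.51.100.7","method":"POST","path":"/wiki/edit","body":"content=%23set%28%24x%3D%22%22.getClass%28%29.forName%28%22java.lang.Runtime%22%29%29"}',
    '{"src":"203.0.113.9","method":"POST","path":"/wiki/edit","body":"content=%24%7B__import__%28%27os%27%29.popen%28%27id%27%29%7D"}',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Two design points matter in practice: decode before matching, because the markers are almost always percent-encoded in transit, and require a marker before counting escape tokens, otherwise ordinary prose mentioning "runtime" or "system()" floods the alert queue.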