This document has been written for the IT teams of organisations and government.
Background / What has happened?
ASD’s ACSC is tracking a remote code execution (RCE) vulnerability in Atlassian Confluence Data Center and Confluence Server.
CVE-2023-22527 is a template injection vulnerability, in all but the most recent versions of Confluence Data Center and Server, that allows an unauthenticated attacker to achieve RCE.
Affected versions include Confluence Data Center and Server 8.x releases dated before 05 December 2023, as well as version 8.4.5.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
ASD’s ACSC is not aware of active exploitation of CVE-2023-22527 at this time.
Mitigation / How do I stay secure?
Australian organisations should review their networks for use of vulnerable instances of Atlassian Confluence Data Center and Confluence Server, and consult Atlassian’s customer advisory for mitigation advice.
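As an added example, not part of the ACSC advisory or of Atlassian's own tooling, the script below triages a self-hosted Confluence inventory against the affected-version rule stated above. The CSV inventory, hostnames and release dates are constructed for illustration; the rule encodes only what this advisory says (Server/Data Center 8.x releases dated before 5 December 2023, plus 8.4.5, with atlassian.net sites excluded as Atlassian-hosted), so anything it marks "review" or "unknown" should be confirmed against Atlassian's customer advisory, which remains the authoritative source for affected and fixed versions.

```python
"""Triage a Confluence inventory against the CVE-2023-22527 affected-version
criteria as stated in the ACSC advisory. Added example; all inventory data
below is constructed."""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

# Cut-off taken from the advisory text: 8.x releases dated before this are affected.
CUTOFF = date(2023, 12, 5)
# Version the advisory names explicitly as affected.
EXPLICITLY_AFFECTED = (8, 4, 5)


@dataclass
class Instance:
    url: str
    version: str
    release_date: date | None  # None when the inventory has no release date


def parse_version(text: str) -> tuple[int, ...]:
    """'8.5.3' -> (8, 5, 3); tolerates a trailing suffix such as '8.5.3-rc1'."""
    core = text.strip().split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_cloud(url: str) -> bool:
    """Atlassian-hosted sites live under atlassian.net and are not affected."""
    host = (urlparse(url).hostname or "").lower()
    return host == "atlassian.net" or host.endswith(".atlassian.net")


def classify(inst: Instance) -> str:
    """Return a verdict string for one instance using only the advisory's rule."""
    if is_cloud(inst.url):
        return "not-affected (Atlassian Cloud)"
    try:
        version = parse_version(inst.version)
    except ValueError:
        return "unknown (unparseable version)"
    if version[0] != 8:
        return "review (not an 8.x release; check Atlassian's advisory)"
    if version == EXPLICITLY_AFFECTED:
        return "affected (8.4.5)"
    if inst.release_date is None:
        return "unknown (release date missing; check Atlassian's advisory)"
    if inst.release_date < CUTOFF:
        return "affected (8.x released before 2023-12-05)"
    return "review (8.x on/after cut-off; confirm fixed version with Atlassian)"


def triage(csv_text: str) -> list[tuple[str, str]]:
    """Parse an inventory CSV (url,version,release_date) into (url, verdict) pairs."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw_date = (row.get("release_date") or "").strip()
        release_date = date.fromisoformat(raw_date) if raw_date else None
        inst = Instance(row["url"], row["version"], release_date)
        results.append((inst.url, classify(inst)))
    return results


# Constructed sample inventory: hostnames and release dates are illustrative only.
SAMPLE_INVENTORY = """url,version,release_date
https://wiki.example.internal,8.4.5,
https://docs.example.internal,8.5.3,2023-11-20
https://kb.example.internal,8.9.0,2024-03-01
https://example.atlassian.net/wiki,8.4.5,
https://old.example.internal,7.19.10,2023-06-01
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_INVENTORY):
        print(f"{url}: {verdict}")
```

Feed it a real inventory exported from your asset register (the version string is shown in the footer of every Confluence page and in the admin console) and treat every "affected" row as a patching priority; rows marked "review" or "unknown" need a manual check rather than being assumed safe.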
Assistance / Where can I go for help?
ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).