CVE-2023-22527
CVSS Score: 10.0
EPSS Score: 0.0%
EPSS Percentile: 0th
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
| Field | Value |
| --- | --- |
| Vendor | atlassian |
| Product | confluence data center |
| Ecosystems | |
| Industries | Technology, Enterprise |
| Published | Jan 16, 2024 |
| Last Updated | Oct 21, 2025 |
Actively exploited in the wild (listed in the CISA Known Exploited Vulnerabilities catalog).
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Versions
Atlassian / Confluence Data Center: >= 8.0.0, >= 8.1.0, >= 8.2.0, >= 8.3.0, >= 8.4.0, >= 8.5.0, >= 8.5.1, >= 8.5.2, >= 8.5.3
Atlassian / Confluence Server: >= 8.0.0, >= 8.1.0, >= 8.2.0, >= 8.3.0, >= 8.4.0, >= 8.5.0, >= 8.5.1, >= 8.5.2, >= 8.5.3
References
- confluence.atlassian.com: https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615
- jira.atlassian.com: https://jira.atlassian.com/browse/CONFSERVER-93833
- packetstormsecurity.com: http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html
- cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22527
- vicarius.io: https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527
Credits
Petrus Viet