CVE-2023-22522

Name of the Vulnerable Software and Affected Versions Atlassian Confluence Server versions 4.x.x through 8.5.3 Atlassian Confluence Data Center versions 4.x.x through 8.6.1

Description This issue allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page, achieving Remote Code Execution (RCE) on an affected instance. Atlassian Cloud sites are not affected by this issue. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Recommendations Immediately patch to a fixed version. For Confluence Data Center and Server, update to version 7.19.17 (LTS), 8.4.5, or 8.5.4 (LTS). For Confluence Data Center, update to version 8.6.2 or later, or 8.7.1 or later.