PT-2024-1074 · Atlassian · Confluence

Petrus Viet · Published 2024-01-15 · Updated 2025-09-22 · CVE-2023-22527

CVSS v3.1: 10.0 (Vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Data Center and Server 8.0.x through 8.5.3. The 7.19.x LTS line and Confluence Cloud are not affected.
Description: A server-side template injection flaw in out-of-date versions of Confluence Data Center and Server lets an unauthenticated, remote attacker execute arbitrary code on the instance. The CVSS vector reflects the worst case: reachable over the network, no privileges or user interaction required, and scope changed. The bug was exploited in the wild within days of disclosure, with over 39,000 exploitation attempts recorded in a single three-day window. Successful exploitation gives the attacker code execution as the Confluence service account, from which installing malware, stealing data stored in the wiki, or disrupting the instance all follow.
Recommendations: Upgrade to Confluence 8.5.4 or later (8.5.4 is the LTS release; 8.6.0, 8.7.1 and later also carry the fix). Atlassian published no workaround and no standalone patch for this issue, so instances on 8.0.x through 8.5.3, including the out-of-support 8.0.x to 8.4.x lines, must be upgraded rather than patched in place. Until the upgrade is done, take the instance off the internet or restrict network access to it, and review access logs for unexpected requests to template endpoints. Because the bug was mass-exploited before many sites patched, treat any instance that was internet-exposed while vulnerable as potentially compromised: check it for unknown plugins, new administrator accounts, and unexpected outbound connections before trusting it again.
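Two of the checks the recommendations call for, written out as an added example (this is not Atlassian's code and is not from the advisory): an affected-version test that encodes the range stated above, and a scan of Confluence access logs for requests that look like template-injection probes. The log lines are constructed for the example. The log format assumed is the Tomcat/Apache "combined" format, and the template path and OGNL markers used as indicators are assumptions drawn from public analysis of the bug rather than from this advisory, so treat the indicator list as a starting point rather than a complete signature.

```python
"""Triage helpers for CVE-2023-22527: affected-version check and access-log scan.

Added example, not Atlassian's code. Assumptions: the affected range is the one
the advisory states (8.0.x through 8.5.3, first fixed release 8.5.4); logs are
in Tomcat/Apache "combined" format; the /template/...vm path and the OGNL
markers below come from public analysis of the bug, not from the advisory.
"""
import re
from typing import Any, Dict, Iterable, List, Tuple
from urllib.parse import unquote

AFFECTED_MIN: Tuple[int, int, int] = (8, 0, 0)
FIRST_FIXED: Tuple[int, int, int] = (8, 5, 4)


def parse_version(version: str) -> Tuple[int, int, int]:
    """'8.5.3' -> (8, 5, 3); '8.5.4-rc1' -> (8, 5, 4); '8.5' -> (8, 5, 0)."""
    core = version.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    parts = (parts + [0, 0, 0])[:3]
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True when 8.0.0 <= version < 8.5.4, the range the advisory lists.
    7.19.x LTS falls below the range; 8.5.4 and later carry the fix."""
    return AFFECTED_MIN <= parse_version(version) < FIRST_FIXED


# Combined log: ip ident user [timestamp] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# A Velocity template under /template/ requested directly (assumption: the
# public exploit targets such a .vm file) and OGNL special elements that have
# no business in a request to one. Both are matched on the URL-decoded path.
TEMPLATE_RE = re.compile(r"/template/[^?\s]*\.vm(?:\?|$)", re.IGNORECASE)
OGNL_MARKERS = ("#request", "#application", "getcontext", "\\u0027")


def classify_request(line: str) -> Dict[str, Any]:
    """Return {'ip', 'verdict', 'reasons'} for one access-log line.

    verdict: 'alert'    OGNL markers in a request to a template
             'review'   POST to a template: the payload of the known exploit
                        travels in the body, which the access log does not
                        record, so a probe looks exactly like this
             'ok'       nothing suspicious
             'unparsed' line did not match the expected format
    """
    m = LOG_RE.match(line)
    if not m:
        return {"ip": "?", "verdict": "unparsed", "reasons": []}
    path = unquote(m["path"])
    reasons: List[str] = []
    verdict = "ok"
    if TEMPLATE_RE.search(path):
        if m["method"] == "POST":
            reasons.append("POST to a .vm template (payload would be in the unlogged body)")
            verdict = "review"
        hits = [k for k in OGNL_MARKERS if k in path.lower()]
        if hits:
            reasons.append("OGNL markers in URL: " + ", ".join(hits))
            verdict = "alert"
    return {"ip": m["ip"], "verdict": verdict, "reasons": reasons}


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str, List[str]]]:
    """Everything that is not 'ok', as (ip, verdict, reasons) in log order."""
    findings = []
    for line in lines:
        r = classify_request(line)
        if r["verdict"] != "ok":
            findings.append((r["ip"], r["verdict"], r["reasons"]))
    return findings


# Constructed sample: two probes from one address, one normal page view, one junk line.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2024:10:02:11 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.7 - - [15/Jan/2024:10:02:13 +0000] "GET /template/aui/text-inline.vm?label=%5Cu0027%2B%23request HTTP/1.1" 200 98 "-" "curl/8.4.0"',
    '198.51.100.4 - alice [15/Jan/2024:10:03:00 +0000] "GET /pages/viewpage.action?pageId=1234 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
    "garbage line",
]

if __name__ == "__main__":
    for v in ("7.19.18", "8.4.5", "8.5.3", "8.5.4"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for ip, verdict, reasons in scan_log(SAMPLE_LOG):
        print(ip, verdict, "; ".join(reasons))
```

The version check is deliberately a closed interval on the page's own numbers rather than a list of known-bad strings, so a build like 8.3.2 or 8.5.3-rc1 is caught without enumerating every release. The log scan reports a plain POST to a template as "review" rather than "alert" on purpose: the access log cannot see the request body, so the absence of OGNL text in the URL proves nothing, and the right follow-up is to pull the request from a reverse proxy or WAF that does log bodies.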

Tags: Exploit · Fix · RCE

Weakness Enumeration: Special Elements Injection

Related Identifiers: BDU:2024-00325 · CVE-2023-22527

Affected Products: Confluence