HTTP: Server Side Template Injection in Confluence Data Center and Confluence Server
This signature detects attempts to exploit a known vulnerability against Confluence Data Center and Confluence Server. A successful attack can lead to arbitrary code execution.
Extended Description
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassians January Security Bulletin.
Affected Products
Atlassian confluence_data_center
References
CVE: CVE-2023-22527
Short Name
HTTP:CTS:CONFLUENCE-SSTI-DC-CS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-22527 Center Confluence Data Injection Server Side Template and in
Release Date
01/31/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3712
False Positive
Unknown
Vendors
Atlassian