Rewterz Threat Advisory – Atlassian Confluence Data Center and Server Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-22505 CVSS:8

An unspecified error in Atlassian Confluence Data Center and Atlassian Confluence Server could allow a remote authenticated attacker to execute arbitrary code on the system.

CVE-2023-22508 CVSS:8.5

An unspecified error in Atlassian Confluence Data Center and Atlassian Confluence Server could allow a remote authenticated attacker to execute arbitrary code on the system.

Impact

• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-22505
• CVE-2023-22508

Affected Vendors

Atlassian

Affected Products

• Atlassian Confluence Data Center 7.19.8
• Atlassian Confluence Server 7.19.8
• Atlassian Confluence Server 8.0.0
• Atlassian Confluence Data Center 8.0.0

Remediation

Refer to Atlassian Security Advisory for patch, upgrade or suggested workaround information. 

CVE-2023-22505

CVE-2023-22508