Share
## https://sploitus.com/exploit?id=E3867F9E-A1DF-5CB7-833A-7923D44DA739
# CVE-2023-22527

### CVE-2023-22527 - Server-side Template Injection (SSTI) vulnerability allowing Remote Code Execution (RCE) In Confluence Data Center and Confluence Server

![image](https://github.com/yoryio/CVE-2023-22527/assets/134471901/c1fe76f3-102f-440a-8028-c29fba4e8f53)


*Products and Versions affected:*

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x <br />8.2.x<br />8.3.x<br />8.4.x<br />8.5.0-8.5.3 |

- **CVSS:** 10.0
- **Actively Exploited:** [YES](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)
- **Patch:** [YES](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- **Mitigation:** NO

# Help

```
usage: CVE-2023-22527.py [-h] -u URL [-c COMMAND]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Atlassian Confluence Server URL
  -c COMMAND, --command COMMAND
                        Command to Execute
```

**Example:** `python CVE-2023-22527.py -u https://10.10.12.2 -c whoami`

# Lab

You can use Try Hack Me's Room [Confluence CVE-2023-22515](https://tryhackme.com/room/confluence202322515) to test the exploit because it also runs a vulnerable version affected by **CVE-2023-22527**.

# Vision of Atlassian Confluence Servers by SHADOWSERVER:

![map](https://github.com/yoryio/CVE-2023-22527/assets/134471901/e39842f1-7db5-4a65-a9f1-7ad9ef3b583a)


# References
- [Where are they now? Starring: Confluence CVE-2023-22527](https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/)
- [Atlassian Confluence - Remote Code Execution (CVE-2023-22527)](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/)
- [Shadowserver Atlassian Statistics](https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-01-23&vendor=atlassian&model=confluence&geo=all&data_set=count&scale=log)
- [CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- [GreyNoise Tag - Atlassian Confluence Template Injection RCE Attempt](https://viz.greynoise.io/tags/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527)
- [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)