# CVE-2023-22527

### CVE-2023-22527 - Server-side Template Injection (SSTI) vulnerability allowing Remote Code Execution (RCE) in Confluence Data Center and Confluence Server

*Products and Versions affected:*

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x <br />8.2.x<br />8.3.x<br />8.4.x<br />8.5.0-8.5.3 |

- **CVSS:** 10.0
- **Actively Exploited:** [YES](
- **Patch:** [YES](
- **Mitigation:** NO
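A triage helper that checks an inventory of Confluence instances against the affected-version table above. This is an added example, not part of the exploit script in this repository; the hostnames in the sample inventory are constructed, and the version ranges are copied from the table on this page (8.0.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3).

```python
import re

# Affected minor lines from the table above.
# Value None = every patch release of that line; an integer = highest affected patch.
# 8.1.x is not listed in the table, so it is reported as "not-listed" rather than safe.
AFFECTED = {
    (8, 0): None,
    (8, 2): None,
    (8, 3): None,
    (8, 4): None,
    (8, 5): 3,  # 8.5.0 through 8.5.3; 8.5.4 and later are outside the listed range
}


def parse_version(text):
    """Turn '8.5.3', 'v8.5', or '8.5.3-build-1234' into (major, minor, patch).

    Returns None when the string is not a recognisable version so callers
    can flag the host for manual review instead of silently treating it as safe.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(text):
    """True if the version falls in a listed affected range, False if it does
    not, None if the version string could not be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    max_patch = AFFECTED.get((v[0], v[1]), "absent")
    if max_patch == "absent":
        return False
    return max_patch is None or v[2] <= max_patch


def triage(inventory):
    """Map each (hostname, version) pair to 'affected', 'not-listed' or 'unknown'."""
    labels = {True: "affected", False: "not-listed", None: "unknown"}
    return [(host, labels[is_affected(version)]) for host, version in inventory]


# Constructed sample inventory (hostnames are placeholders, not real systems).
SAMPLE_INVENTORY = [
    ("wiki-prod.example.internal", "8.5.3"),
    ("wiki-stage.example.internal", "8.5.4"),
    ("wiki-legacy.example.internal", "7.19.17"),
    ("wiki-old.example.internal", "8.2.1"),
    ("wiki-unknown.example.internal", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:35} {status}")
```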

# Help

```
usage: [-h] -u URL [-c COMMAND]

  -h, --help            show this help message and exit
  -u URL, --url URL     Atlassian Confluence Server URL
  -c COMMAND, --command COMMAND
                        Command to Execute
```

**Example:** `python -u -c whoami`

# Lab

You can use the TryHackMe room [Confluence CVE-2023-22515]( to test the exploit, because the room's target also runs a version affected by **CVE-2023-22527**.

# Shadowserver overview of Internet-exposed Atlassian Confluence servers

# References
- [Where are they now? Starring: Confluence CVE-2023-22527](
- [Atlassian Confluence - Remote Code Execution (CVE-2023-22527)](
- [Shadowserver Atlassian Statistics](
- [CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server](
- [GreyNoise Tag - Atlassian Confluence Template Injection RCE Attempt](
- [CISA Adds One Known Exploited Vulnerability to Catalog](