We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

    • Severity 1 - Critical
    • 9
    • Critical
    • CVE-2023-22522
    • CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
    • RCE (Remote Code Execution)
    • Confluence Data Center, Confluence Server

      Summary of Vulnerability

      This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve RCE on an affected instance. Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See “What You Need to Do” for detailed instructions.

      Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

      Affected Versions

      Product Affected Versions
      Confluence Data Center and Server
      • 4.x.x
      • 5.x.x
      • 6.x.x
      • 7.x.x
      • 8.0.x
      • 8.1.x
      • 8.2.x
      • 8.3.x
      • 8.4.0
      • 8.4.1
      • 8.4.2
      • 8.4.3
      • 8.4.4
      • 8.5.0
      • 8.5.1
      • 8.5.2
      • 8.5.3
      Confluence Data Center
      • 8.6.0
      • 8.6.1

      Fixed Versions

      Product Fixed Versions
      Confluence Data Center and Server
      • 7.19.17 (LTS)
      • 8.4.5
      • 8.5.4 (LTS)
      Confluence Data Center
      • 8.6.2 or later (Data Center Only)
      • 8.7.1 or later (Data Center Only)

      What You Need To Do

      Immediately patch to a fixed version

      Atlassian recommends that you patch each of your affected installations to the latest version or one of the listed fixed versions below.

      Product Fixed Versions
      Confluence Data Center and Server
      • 7.19.17 (LTS)
      • 8.4.5
      • 8.5.4 (LTS)
      Confluence Data Center
      • 8.6.2 or later (Data Center Only)
      • 8.7.1 or later (Data Center Only)

      For additional details, please see full advisory.

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

              • Severity 1 - Critical
              • 9
              • Critical
              • CVE-2023-22522
              • CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
              • RCE (Remote Code Execution)
              • Confluence Data Center, Confluence Server

                Summary of Vulnerability

                This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve RCE on an affected instance. Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See “What You Need to Do” for detailed instructions.

                Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

                Affected Versions

                Product Affected Versions
                Confluence Data Center and Server
                • 4.x.x
                • 5.x.x
                • 6.x.x
                • 7.x.x
                • 8.0.x
                • 8.1.x
                • 8.2.x
                • 8.3.x
                • 8.4.0
                • 8.4.1
                • 8.4.2
                • 8.4.3
                • 8.4.4
                • 8.5.0
                • 8.5.1
                • 8.5.2
                • 8.5.3
                Confluence Data Center
                • 8.6.0
                • 8.6.1

                Fixed Versions

                Product Fixed Versions
                Confluence Data Center and Server
                • 7.19.17 (LTS)
                • 8.4.5
                • 8.5.4 (LTS)
                Confluence Data Center
                • 8.6.2 or later (Data Center Only)
                • 8.7.1 or later (Data Center Only)

                What You Need To Do

                Immediately patch to a fixed version

                Atlassian recommends that you patch each of your affected installations to the latest version or one of the listed fixed versions below.

                Product Fixed Versions
                Confluence Data Center and Server
                • 7.19.17 (LTS)
                • 8.4.5
                • 8.5.4 (LTS)
                Confluence Data Center
                • 8.6.2 or later (Data Center Only)
                • 8.7.1 or later (Data Center Only)

                For additional details, please see full advisory.

                        Unassigned Unassigned
                        smoorthy Sharada Moorthy (Inactive)
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        34 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                            Unassigned Unassigned
                            smoorthy Sharada Moorthy (Inactive)
                            Votes:
                            0 Vote for this issue
                            Watchers:
                            34 Start watching this issue

                              Created:
                              Updated:
                              Resolved: