Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22526


This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program


Published

2024-01-16T05:15:07.933

Last Modified

2025-06-20T17:15:30.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-94
  • Type: Secondary
    CWE-94

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application atlassian confluence_data_center < 7.19.17 Yes
Application atlassian confluence_data_center < 8.5.5 Yes
Application atlassian confluence_data_center < 8.7.2 Yes
Application atlassian confluence_server < 7.19.17 Yes
Application atlassian confluence_server < 8.5.5 Yes
Application atlassian confluence_server ≤ 8.7.2 Yes

References