Note: This Emerging Threat is also published in the new Fortra Security & Trust Center - the new location for all Emerging Threats beginning in January 2025. Refer to Emerging Threats Moving to Fortra.com for more information on following Emerging Threats in their new location.
Fortra’s Alert Logic is researching a new template injection vulnerability in out-of-date versions of Confluence Data Center and Confluence Server. By exploiting this vulnerability (CVE-2023-22527), an unauthenticated attacker can achieve remote code execution. Customers should update to a patched version of Confluence Data Center and Server as soon as possible to resolve this vulnerability.
Who is affected?
Anyone using Confluence Data Center and Server between version 8.0.x and 8.5.3 is vulnerable.
What can I do?
Confluence recommends immediately patching to a fixed version or the latest version of Confluence Data Center and Server, as listed below.
Product | Fixed Versions | Latest Versions |
Confluence Data Center and Server | 8.5.4 | 8.5.5 |
Confluence Data Center | 8.6.0 (Data Center Only), 8.7.1 (Data Center Only) | 8.7.2 (Data Center Only) |
For more information about the vulnerability and patched versions, refer to Confluence’s security bulletin.
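The version ranges above can be applied to an asset inventory. The following is an added example, not code from Alert Logic or Atlassian; the hostnames, banner strings and the `server`/`datacenter` edition labels are constructed for illustration.

```python
import re

# Boundaries taken from this advisory: 8.0.x through 8.5.3 are affected.
FIRST_AFFECTED = (8, 0, 0)
LAST_AFFECTED = (8, 5, 3)
# "Latest Versions" column of the table above, keyed by a hypothetical edition label.
LATEST = {"server": "8.5.5", "datacenter": "8.7.2"}

def parse_version(text):
    """Return (major, minor, patch) from '8.5.3', '8.4' or a banner string."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(version_text, edition):
    """Classify one instance against the range stated on this page."""
    v = parse_version(version_text)
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return "AFFECTED", f"upgrade to 8.5.4 or later (latest listed: {LATEST[edition]})"
    if v > LAST_AFFECTED:
        return "NOT_AFFECTED", "outside the affected range for CVE-2023-22527"
    # Releases before 8.0 are not covered by this page, so do not guess.
    return "UNLISTED", "check the vendor security bulletin"

def triage_inventory(rows):
    """rows: iterable of (host, version_or_banner, edition)."""
    return [(host, *triage(ver, edition)) for host, ver, edition in rows]

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    ("wiki-01.example.internal", "Atlassian Confluence 8.5.3", "server"),
    ("wiki-02.example.internal", "8.5.4", "server"),
    ("wiki-03.example.internal", "8.4", "datacenter"),
    ("wiki-04.example.internal", "8.7.1", "datacenter"),
    ("wiki-05.example.internal", "7.19.17", "server"),
]

if __name__ == "__main__":
    for host, status, action in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:28} {status:13} {action}")
```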
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities in addition to those listed below.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Network IDS: Alert Logic released IDS telemetry on January 22, 2024, to monitor for CVE-2023-22527 exploit activity.
Vulnerability Scanning: Alert Logic released scan coverage via banner detection on January 22, 2024. If the vulnerability is found, an exposure (EID: 251725) will be raised for CVE-2023-22527.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.