WID-SEC-W-2024-0085
PUBLISHED
Confluence is commercial wiki software.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Confluence | < 8.5.4 |
| Atlassian | Confluence | < 8.7.1 |
| Atlassian | Confluence | < 8.6.0 |
Exploit Intelligence
- Exploit for CVE-2023-22527 - Atlassian Confluence Data Center and Server (github-poc-repo)
- confluence CVE-2023-22527 exploitation tool, supports Behinder/Godzilla memory-shell injection, supports setting an HTTP proxy (github-poc-repo)
- confluence rce (CVE-2021-26084, CVE-2022-26134, CVE-2023-22527) (github-poc-repo)
- CVE-2023-22527 | RCE using SSTI in Confluence (github-poc-repo)
- Three go-exploits exploiting CVE-2023-22527 to execute arbitrary code in memory (github-poc-repo)
- thompson005/CVE-2023-22527 (github-poc-repo)
- Fully automated Confluence RCE exploit (CVE-2023-22527 + OGNL injection) 100% from scratch • Python • 2025 (github-poc-repo)
- ycseo-git/CVE-2023-22527 (github-poc-repo)
- ycseo-git/CVE-2023-22527 (github-poc)
- Fully automated Confluence RCE exploit (CVE-2023-22527 + OGNL injection) 100% from scratch • Python • 2025 (github-poc)
…and 40 more exploits
Timeline
- Jan 15, 2024 CVE Published
- Jan 21, 2024 CVE Updated
- Feb 8, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0085.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0085 advisory
- https://jira.atlassian.com/browse/CONFSERVER-93833 url
- https://github.com/advisories/GHSA-w64x-j9r3-q79q url
- https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/ url
- https://twitter.com/Shadowserver/status/1749372138685915645 url