Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2023-22505

Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
18/07/2023
Última modificación:
31/07/2023

Descripción

*** Pendiente de traducción *** This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center &amp; Server.<br /> <br /> This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.<br /> <br /> Atlassian recommends that you upgrade your instance to latest version. If you&amp;#39;re unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center &amp; Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] <br /> <br /> This vulnerability was discovered by a private user and reported via our Bug Bounty program.

Productos y versiones vulnerables

CPE Desde Hasta
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* 8.0.0 (incluyendo) 8.3.2 (excluyendo)
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* 8.0.0 (incluyendo) 8.3.2 (excluyendo)


Referencias a soluciones, herramientas e información