CVE-2023-22505
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
18/07/2023
Última modificación:
31/07/2023
Descripción
*** Pendiente de traducción *** This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server.<br />
<br />
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.<br />
<br />
Atlassian recommends that you upgrade your instance to latest version. If you&#39;re unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] <br />
<br />
This vulnerability was discovered by a private user and reported via our Bug Bounty program.
Impacto
Puntuación base 3.x
8.80
Gravedad 3.x
ALTA
Productos y versiones vulnerables
CPE | Desde | Hasta |
---|---|---|
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* | 8.0.0 (incluyendo) | 8.3.2 (excluyendo) |
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* | 8.0.0 (incluyendo) | 8.3.2 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página