/CVE-2023-22527_Confluence_RCE

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

CVE-2023-22527 Confluence RCE

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

References

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server | Atlassian Support | Atlassian Documentation

[CONFSERVER-93833] RCE (Remote Code Execution) in Confluence Data Center and Server - CVE-2023-22527 - Create and track feature requests for Atlassian products.

Diff

image-20240117093518010

Keyword

Plugin,ognl

Patch

protected boolean isBlockedVarRef(Node node) {
    String nodeClassName = node.getClass().getName();
    if ("ognl.ASTVarRef".equals(nodeClassName)) {
        String varRefValue = node.toString();
        if (BLOCKED_VAR_REFS.contains(varRefValue)) {
            if (!"#attr".equals(varRefValue)) {
                LOG.warn("Expression contains blocked var ref [{}]", varRefValue);
            }

            return true;
        }
    }

    return false;
}