# N/A
## 漏洞概述
一个模版注入漏洞影响了 Confluence Data Center 和 Server 的较旧版本,允许未经授权的攻击者在受影响实例上实现远程代码执行(RCE)。
## 影响版本
- Confluence Data Center 较旧版本
- Confluence Server 较旧版本
## 细节
该漏洞允许攻击者在未经身份验证的情况下,通过模版注入实现 RCE。
## 影响
- 未受影响的版本包括 Confluence Data Center 和 Server 的最新支持版本,因为该漏洞已在常规版本更新中得到了缓解。
- Atlassian 建议用户更新到最新版本,以保护实例免受 Atlassian 一月安全公告中提到的非关键漏洞的影响。
是否为 Web 类漏洞: 是
判断理由:
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC | https://github.com/Avento/CVE-2023-22527_Confluence_RCE | POC详情 |
| 2 | None | https://github.com/Sudistark/patch-diff-CVE-2023-22527 | POC详情 |
| 3 | CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC | https://github.com/ga0we1/CVE-2023-22527_Confluence_RCE | POC详情 |
| 4 | None | https://github.com/Drun1baby/CVE-2023-22527 | POC详情 |
| 5 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. | https://github.com/cleverg0d/CVE-2023-22527 | POC详情 |
| 6 | A critical severity Remote Code Execution (RCE) vulnerability (CVE-2023-22527) was discovered in Confluence Server and Data Center. | https://github.com/Manh130902/CVE-2023-22527-POC | POC详情 |
| 7 | [Confluence] CVE-2023-22527 realworld poc | https://github.com/VNCERT-CC/CVE-2023-22527-confluence | POC详情 |
| 8 | This repository presents a proof-of-concept of CVE-2023-22527 | https://github.com/Vozec/CVE-2023-22527 | POC详情 |
| 9 | Atlassian Confluence - Remote Code Execution (CVE-2023-22527) | https://github.com/C1ph3rX13/CVE-2023-22527 | POC详情 |
| 10 | POC | https://github.com/Niuwoo/CVE-2023-22527 | POC详情 |
| 11 | Atlassian Confluence - Remote Code Execution | https://github.com/Chocapikk/CVE-2023-22527 | POC详情 |
| 12 | An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22527 leads to RCE | https://github.com/sanjai-AK47/CVE-2023-22527 | POC详情 |
| 13 | Exploit for CVE-2023-22527 - Atlassian Confluence | https://github.com/yoryio/CVE-2023-22527 | POC详情 |
| 14 | None | https://github.com/thanhlam-attt/CVE-2023-22527 | POC详情 |
| 15 | CVE-2023-22527 | https://github.com/Privia-Security/CVE-2023-22527 | POC详情 |
| 16 | Atlassian Confluence Remote Code Execution(RCE) Proof Of Concept | https://github.com/MaanVader/CVE-2023-22527-POC | POC详情 |
| 17 | CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC | https://github.com/adminlove520/CVE-2023-22527 | POC详情 |
| 18 | CVE-2023-22527 Batch scanning | https://github.com/YongYe-Security/CVE-2023-22527 | POC详情 |
| 19 | CVE-2023-22527 内存马注入工具 | https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL | POC详情 |
| 20 | confluence CVE-2023-22527 漏洞利用工具,支持冰蝎/哥斯拉内存马注入,支持设置 http 代理 | https://github.com/M0untainShley/CVE-2023-22527-MEMSHELL | POC详情 |
| 21 | Three go-exploits exploiting CVE-2023-22527 to execute arbitrary code in memory | https://github.com/vulncheck-oss/cve-2023-22527 | POC详情 |
| 22 | An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22527 leads to RCE | https://github.com/RevoltSecurities/CVE-2023-22527 | POC详情 |
| 23 | PoC for the NAPLISTENER exploit: https://nvd.nist.gov/vuln/detail/CVE-2023-22527 (Purpose: To practice automating exploits) | https://github.com/ttate10/CVE-2023-22527 | POC详情 |
| 24 | CVE-2023-22527 | RCE using SSTI in Confluence | https://github.com/kh4sh3i/CVE-2023-22527 | POC详情 |
| 25 | script for exploiting CVE-2023-22527, which is described as a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence | https://github.com/AxthonyV/CVE-2023-22527 | POC详情 |
| 26 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22527.yaml | POC详情 |
| 27 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Confluence%20OGNL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-22527.md | POC详情 |
| 28 | https://github.com/vulhub/vulhub/blob/master/confluence/CVE-2023-22527/README.md | POC详情 | |
| 29 | None | https://github.com/thompson005/CVE-2023-22527 | POC详情 |
| 30 | Fully automated Confluence RCE exploit (CVE-2023-22527 + OGNL injection) 100% from scratch • Python • 2025 | https://github.com/mylo-2001/AtlassianPwn | POC详情 |
| 31 | CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC | https://github.com/anonymous-echo/CVE-2023-22527 | POC详情 |
暂无评论