CVE-2023-22527 PoC — Atlassian Confluence 安全漏洞

Source

Associated Vulnerability

Description

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

Readme

# CVE-2023-22527 Confluence RCE 
CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

## References
[CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server | Atlassian Support | Atlassian Documentation](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html?subid=1812250057&jobid=106379017&utm_campaign=confluence-critical-advisory_EML-17850&utm_medium=email&utm_source=alert-email)

[[CONFSERVER-93833\] RCE (Remote Code Execution) in Confluence Data Center and Server - CVE-2023-22527 - Create and track feature requests for Atlassian products.](https://jira.atlassian.com/browse/CONFSERVER-93833)

## Diff
![image-20240117093518010](https://laughing-markdown-pics.oss-cn-shenzhen.aliyuncs.com/image-20240117093518010.png)

## Keyword
Plugin,ognl

## Patch
``` java
protected boolean isBlockedVarRef(Node node) {
    String nodeClassName = node.getClass().getName();
    if ("ognl.ASTVarRef".equals(nodeClassName)) {
        String varRefValue = node.toString();
        if (BLOCKED_VAR_REFS.contains(varRefValue)) {
            if (!"#attr".equals(varRefValue)) {
                LOG.warn("Expression contains blocked var ref [{}]", varRefValue);
            }

            return true;
        }
    }

    return false;
}
```

File Snapshot

 [4.0K]  /data/pocs/b84cf7bbb80dcea51b00262b883d3d8f24eb6f6d
└── [1.4K]  README.md

0 directories, 1 file

Remarks