How severe is CVE-2023-22522?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2023-22522?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2023-22522

CRITICAL Year: 2023

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-74

View all →

Vulnerability Description

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

CVE-2021-21353

CRITICAL

CVSS:9.0(Critical)

Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a u...

CWE-742021

CVE-2023-43656

CRITICAL

CVSS:9.0(Critical)

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransform...

CWE-742023

CVE-2024-29027

CRITICAL

CVSS:9.0(Critical)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name ...

CWE-742024

CVE-2024-39604

CRITICAL

CVSS:9.0(Critical)

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An at...

CWE-742024

CVE-2014-7236

CRITICAL

CVSS:9.1(Critical)

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

CWE-742014

CVE-2015-7544

CRITICAL

CVSS:9.1(Critical)

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary comma...

CWE-742015

CVE-2023-22522

Vulnerability Description

Related Vulnerabilities

CVE-2021-21353

CVE-2023-43656

CVE-2024-29027

CVE-2024-39604

CVE-2014-7236

CVE-2015-7544