{"uuid": "ed9a4d5c-b344-4432-9338-90ac0f45ec71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22527", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/199", "content": "Atlassian Confluence - Remote Code Execution (CVE-2023-22527)\n\n\ud83d\udc64 by Rahul Maini & Harsh Jaiswal\n\nCVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence Instance, thereby enabling the execution of arbitrary code and system commands.\n\n\ud83d\udcdd Contents:\n\u25cf Technical Details\n    \u2022 Initial Analysis\n    \u2022 Identifying the Unauthenticated Attack Surface\n\u25cf OGNL Expression Evaluation\n\u25cf Remote Code Execution via OGNL Injection\n\nhttps://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/", "creation_timestamp": "2024-01-22T10:28:35.000000Z"}