ga0we1/CVE-2023-22527_Confluence_RCE

CVE-2023-22527 Confluence RCE

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

References

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server | Atlassian Support | Atlassian Documentation

[CONFSERVER-93833] RCE (Remote Code Execution) in Confluence Data Center and Server - CVE-2023-22527 - Create and track feature requests for Atlassian products.

Diff

[Image: image-20240117093518010]

Keyword

Plugin, ognl

Patch

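// Returns true when the OGNL AST node is a variable reference on the block list.
protected boolean isBlockedVarRef(Node node) {
    String nodeClassName = node.getClass().getName();
    // Only variable-reference nodes (ognl.ASTVarRef) are checked.
    if ("ognl.ASTVarRef".equals(nodeClassName)) {
        String varRefValue = node.toString();
        if (BLOCKED_VAR_REFS.contains(varRefValue)) {
            // Every blocked reference is rejected; #attr is rejected without a log entry.
            if (!"#attr".equals(varRefValue)) {
                LOG.warn("Expression contains blocked var ref [{}]", varRefValue);
            }

            return true;
        }
    }

    return false;
}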
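
On a patched instance, the check above writes a warning for every blocked variable reference except #attr, so that message is a usable detection signal for rejected OGNL expressions. The following is an added example, not code from this repository or from Atlassian; the log-line prefix and the names #example_a and #example_b are constructed placeholders.

```python
import re
from collections import Counter

# Message text taken from the LOG.warn call in the patch above.
BLOCKED_REF_RE = re.compile(r"Expression contains blocked var ref \[(#[^\]]*)\]")

# Constructed sample log. The timestamp/level/thread/logger prefix is an
# assumption about the log layout; "#example_a" and "#example_b" are
# placeholder names, not real entries of BLOCKED_VAR_REFS.
SAMPLE_LOG = """\
2000-01-01 00:00:01,000 WARN [exec-1] [example.Logger] Expression contains blocked var ref [#example_a]
2000-01-01 00:00:02,000 INFO [exec-2] [example.Logger] Page rendered
2000-01-01 00:00:03,000 WARN [exec-1] [example.Logger] Expression contains blocked var ref [#example_b]
2000-01-01 00:00:04,000 WARN [exec-3] [example.Logger] Expression contains blocked var ref [#example_a]
2000-01-01 00:00:05,000 DEBUG [exec-2] [example.Logger] Unrelated message mentioning #attr
"""


def blocked_var_ref_hits(lines):
    """Yield (line_number, var_ref) for each blocked-var-ref warning."""
    for number, line in enumerate(lines, 1):
        match = BLOCKED_REF_RE.search(line)
        if match:
            yield number, match.group(1)


def summarize(text):
    """Count warnings per blocked reference and record where they occur.

    The patch never logs a blocked "#attr", so a total of zero does not
    prove that no blocked expression was submitted.
    """
    hits = list(blocked_var_ref_hits(text.splitlines()))
    counts = Counter(ref for _, ref in hits)
    return {
        "total": len(hits),
        "by_ref": dict(counts),
        "lines": [number for number, _ in hits],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} blocked var ref warning(s)")
    for ref, count in sorted(report["by_ref"].items()):
        print(f"  {ref}: {count}")
```
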
