According to its self-reported version number, the Atlassian Confluence application running on the remote host is 4.x prior to 7.19.17, 8.x prior to 8.4.5, 8.5.x prior to 8.5.4, 8.6.x prior to 8.6.2 or 8.7.x prior to 8.7.1. It is, therefore, affected by a template injection vulnerability which allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve RCE on an affected instance.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93502 advisory.

  - RCE in Confluence Data Center and Server (CVE-2023-22522)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
114125	Atlassian Confluence 8.5.x < 8.5.4 Template Injection	Web App Scanning	Component Vulnerability	12/6/2023	1/19/2024	high
114127	Atlassian Confluence 8.7.x < 8.7.1 Template Injection	Web App Scanning	Component Vulnerability	12/6/2023	1/19/2024	high
114123	Atlassian Confluence 4.x < 7.19.17 Template Injection	Web App Scanning	Component Vulnerability	12/6/2023	1/19/2024	high
114124	Atlassian Confluence 8.x < 8.4.5 Template Injection	Web App Scanning	Component Vulnerability	12/6/2023	1/19/2024	high
114126	Atlassian Confluence 8.6.x < 8.6.2 Template Injection	Web App Scanning	Component Vulnerability	12/6/2023	1/19/2024	high
186651	Atlassian Confluence 4.x < 7.19.17 / 7.20.x < 8.4.5 / 8.5.x < 8.5.4 / 8.6.x < 8.6.2 / 8.7.x < 8.7.1 (CONFSERVER-93502)	Nessus	CGI abuses	12/7/2023	6/5/2024	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high