Last week (January 16th), Atlassian released it’s January 2024 Security Bulletin. Included with the bulletin was a patch for CVE-2023-22527, a remote code execution vulnerability in Confluence Data Center and Confluence Server. Atlassian assigned a CVSS score of 10.0 to the vulnerability. Exploitation does not require authentication [1].
Article Link: https://isc.sans.edu/diary/rss/30576