Are outdated versions like 5.x, 7.1.x, 7.4.x affected by CVE-2023-22527?

dearjane_fan January 16, 2024

When was this Critical severity RCE (Remote Code Execution) vulnerability introduced? If the versions of my instances are 5.x, 7.1.x, 7.4.x, what else can I do except upgrade to 8.x? Or am I affected by CVE-2023-22527?

2 answers

1 accepted

1 vote
Answer accepted
James Ponting
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2024

Hi @dearjane_fan

Please review the advisory we sent for CVE-2023-22527. It explicitly lists the impacted versions.

No versions prior to Confluence 8.0.0 are known to be impacted. The above listed versions should be fine, though I would note they're all impacted by other critical and high severity CVEs, and I would recommend upgrading to the latest Confluence 8.5.x LTS release if possible.

Thanks,
James Ponting
Engineering Manager - Confluence Data Center 

Charlie Marriott
Atlassian Team
January 16, 2024

Hi @dearjane_fan

It's also worth saying that there are a significant number of functional improvements you will benefit from by upgrading Confluence:

Your 5.x upgrade is likely to involve the most effort as you will need to first move to 7.19.x:

Screenshot 2024-01-15 at 11.34.05 am.png

Please see the following documentation to assist with your upgrade:

I hope that helps!

Charlie

dearjane_fan January 17, 2024

@James Ponting Thanks a lot!

dearjane_fan January 17, 2024

It would be helpful. Thank you @Charlie Marriott

0 votes
Ste Wright
Community Champion
January 16, 2024

Hi @dearjane_fan 

As the CVE mentions "out of date" versions, I'd recommend upgrading to be safe. Is there a reason you don't want to do this?

Ste

dearjane_fan January 17, 2024

Lol. 'Cause managers always say we cannot upgrade due to all kinds of unsolved problems. Instead of upgrading the whole app, they would rather use minimal operations such as patches. But thanks a lot @Ste Wright
