VYPR

Confluence Data Center

by Atlassian

CVEs (41)

  • CVE-2023-22527CriKEVJan 16, 2024
    risk 0.93cvss 9.8epss 1.00

    A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data…

  • CVE-2023-22518CriKEVOct 31, 2023
    risk 0.93cvss 9.8epss 1.00

    All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an…

  • CVE-2023-22515CriKEVOct 4, 2023
    risk 0.93cvss 9.8epss 0.99

    Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts…

  • CVE-2022-26134CriKEVJun 3, 2022
    risk 0.93cvss 9.8epss 1.00

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from…

  • CVE-2021-26084CriKEVAug 30, 2021
    risk 0.93cvss 9.8epss 1.00

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version…

  • CVE-2019-3396CriKEVMar 25, 2019
    risk 0.93cvss 9.8epss 1.00

    The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2…

  • CVE-2019-3398HigKEVApr 18, 2019
    risk 0.80cvss 8.8epss 0.97

    Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space…

  • CVE-2024-21683HigMay 21, 2024
    risk 0.67cvss 8.8epss 0.88

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high…

  • CVE-2022-26136CriJul 20, 2022
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in…

  • CVE-2019-3395CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.07

    The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send…

  • CVE-2021-26085MedKEVAug 3, 2021
    risk 0.63cvss 5.3epss 1.00

    Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

  • CVE-2023-22522HigDec 6, 2023
    risk 0.58cvss 8.8epss 0.13

    This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly…

  • CVE-2019-3394HigAug 29, 2019
    risk 0.58cvss 8.8epss 0.11

    There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under /confluence/WEB-INF…

  • CVE-2024-21686HigJul 16, 2024
    risk 0.57cvss 8.7epss 0.01

    This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which…

  • CVE-2024-21677HigMar 19, 2024
    risk 0.57cvss 8.8epss 0.01

    This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to…

  • CVE-2024-21673HigJan 16, 2024
    risk 0.57cvss 8.8epss 0.01

    This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an…

  • CVE-2024-21672HigJan 16, 2024
    risk 0.57cvss 8.8epss 0.01

    This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an…

  • CVE-2023-22526HigJan 16, 2024
    risk 0.57cvss 8.8epss 0.02

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact…

  • CVE-2023-22508HigJul 18, 2023
    risk 0.57cvss 8.8epss 0.02

    This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute…

  • CVE-2023-22505HigJul 18, 2023
    risk 0.57cvss 8.8epss 0.02

    This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary…

Page 1 of 3