VYPR

Confluence Data Center

by Atlassian

CVEs (41)

  • CVE-2022-26137 · High · Jul 20, 2022
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this…

  • CVE-2021-39114 · High · Apr 5, 2022
    risk 0.57 · cvss 8.8 · epss 0.02

    Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23,…

  • CVE-2024-21678 · High · Feb 20, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high…

  • CVE-2024-21690 · High · Aug 21, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF…

  • CVE-2021-43940 · High · Feb 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence…

  • CVE-2019-20406 · High · Feb 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable…

  • CVE-2023-22512 · High · Jan 16, 2024
    risk 0.50 · cvss 7.5 · epss 0.14

    This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by…

  • CVE-2024-21674 · High · Jan 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.02

    This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an…

  • CVE-2024-21703 · Medium · Nov 27, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows…

  • CVE-2023-22504 · Medium · May 25, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

  • CVE-2020-29450 · Medium · Jan 19, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

  • CVE-2019-15006 · Medium · Dec 19, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence…

  • CVE-2018-20237 · Medium · Feb 13, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

  • CVE-2023-22503 · Medium · May 1, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This…

  • CVE-2020-36290 · Medium · Jul 26, 2022
    risk 0.35 · cvss 5.4 · epss 0.01

    The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site…

  • CVE-2020-29448 · Medium · Feb 22, 2021
    risk 0.35 · cvss 5.3 · epss 0.02

    The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories…

  • CVE-2020-14175 · Medium · Jul 24, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before…

  • CVE-2021-26072 · Medium · Apr 1, 2021
    risk 0.31 · cvss 4.3 · epss 0.39

    The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

  • CVE-2020-4027 · Medium · Jul 1, 2020
    risk 0.31 · cvss 4.7 · epss 0.02

    Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version…

  • CVE-2019-15005 · Medium · Nov 8, 2019
    risk 0.28 · cvss 4.3 · epss 0.01

    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…