517 matches found
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date processing system, related to errors in handling input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
VulnCheck KEV: CVE-2024-21683
This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to...
CVE-2024-21683
This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentialit...
CVE-2024-21683
CVE-2024-21683 is an authenticated Remote Code Execution in Atlassian Confluence Data Center and Server. The issue arises from the Rhino script engine parsing tainted data in uploaded text/files, allowing an attacker with necessary privileges (e.g., admin) to execute arbitrary host code. Affected...
PT-2024-3665 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Data Center and Server versions 5.2 through 8.9.0 Confluence Data Center versions 8.8.0 through 8.8.1 Confluence Data Center versions 8.7.0 through 8.7.2 Confluence Data Center versions 8.6.0 through 8.6.2 Confluence Data Center...
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the PreferQueryMode=SIMPLE parameter required for this vulnerability in it...
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Confluence Data Center and Server
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 5.6 of Confluence Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center involves the possibility of bypassing access-controlled directories, allowing attackers to influence the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center involves the possibility of bypassing access-controlled directories. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of protected...
Atlassian Confluence Server Security Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A security vulnerability exists in Atlassian Confluence Data Center and Server 6.13.0 that stems...
PT-2024-2437 · Atlassian +3 · Confluence +3
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0 Confluence Data Center and Server versions prior to 8.9.1 Confluence Data Center versions 8.8.0 through 8.8.1 Confluence Data Center versions 8.7.0 through 8.7.2 Confluence Data Center...
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server
This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 5.3 of Confluence Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
Atlassian Confluence 6.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94110)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94110 advisory. - A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack ...
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date center, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary code.
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2024-21678
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...
CVE-2024-21678
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...
PT-2024-1778 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Data Center versions 2.7.0 through 8.7.1 Confluence Data Center versions 8.6.0 through 8.6.1 Confluence Data Center versions 8.5.0 through 8.5.4 LTS Confluence Data Center versions 8.4.0 through 8.4.5 Confluence Data Center version...
com.google.guava:guava Dependency in Confluence Data Center and Server
This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...
DoS (Denial of Service) org.json:json Dependency in Confluence Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date center, related to insufficient validation of input data, allows attackers to disclose protected information.
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...