310 matches found
The vulnerability of the confluence-cfg.xml configuration file in the Confluence Data Center for Windows operating systems allows a perpetrator to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the confluence-cfg.xml configuration file in Confluence Data Center operating systems for Windows is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized...
RCE (Remote Code Execution) org.apache.avro:avro Dependency in Confluence Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 6.5 of Confluence Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an...
com.hazelcast:hazelcast Dependency in Confluence Data Center and Server
This High severity com.hazelcast:hazelcast Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This com.hazelcast:hazelcast Dependency vulnerability, with a CVSS Score of 7.6 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L allows an...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...
Atlassian Confluence Data Center and Server 安全漏洞
Atlassian Confluence Data Center and Server is a data center from Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the fact that the confluence.cfg.xml file is readable by default by users in the BUILTIN/Users group...
org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.14 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
CVE-2024-38819: Path traversal vulnerability in org.springframework:spring-webmvc used by Confluence Data Center
h3. Issue Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the...
Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 6.5 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
PT-2024-9090 · Microsoft +1 · Windows +2
Name of the Vulnerable Software and Affected Versions: Confluence Data Center and Server version 8.8.1 Confluence Data Center and Server versions prior to 7.19.18 Confluence Data Center and Server versions prior to 8.5.5 Confluence Data Center and Server versions prior to 8.7.2 Confluence Data...
Prototype Pollution json5 Dependency in Confluence Data Center
This High severity json5 Dependency vulnerability was introduced in versions 5.9 of Confluence Data Center. This json5 Dependency vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to...
DoS (Denial of Service) minimatch Dependency in Confluence Data Center
This High severity minimatch Dependency vulnerability was introduced in versions 7.19.0 of Confluence Data Center. This minimatch Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no...
DoS (Denial of Service) braces Dependency in Confluence Data Center
This High severity braces Dependency vulnerability was introduced in versions 7.11 of Confluence Data Center. This braces Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to...
Stored XSS in Confluence Data Center and Server
This High severity Stored XSS vulnerability was introduced in version 3.0 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...
DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center
This High severity decode-uri-component Dependency vulnerability was introduced in version 7.0.1 of Confluence Data Center. This decode-uri-component Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to...
BASM (Broken Authentication & Session Management) browserify-sign Dependency in Confluence Data Center
This High severity BASM Broken Authentication & Session Management vulnerability was introduced in version 7.11 of Confluence Data Center. This BASM Broken Authentication & Session Management vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to exploit a cryptographic...
DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-configuration2 Dependency vulnerability was introduced in versions 6.0 of Confluence Data Center and Server. This org.apache.commons:commons-configuration2 Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of...