2907 matches found
Atlassian Confluence <5.8.17 - Information Disclosure
Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...
Atlassian Jira Confluence - Cross-Site Scripting
Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...
Atlassian Confluence < 5.8.6 - Server-Side Request Forgery
Confluence Server and Data Center before 5.8.6 contain a blind server-side request forgery caused by the WidgetConnector plugin, letting remote attackers manipulate internal network resources, exploit requires network access to the server. id: CVE-2021-26072 info: name: Atlassian Confluence 5.8.6...
Atlassian Confluence Data Center and Server - Remote Code Execution
Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X affected versions. This issue allows authenticated attackers to execute arbitrary code. id: CVE-2024-21683 info: name: Atlassian Confluence Data Center and Server - Remote Code Execution autho...
PYSEC-2026-408 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...
Atlassian Confluence - Privilege Escalation
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. id: CVE-2023-22515 info: name: Atlassian Confluence - Privilege Escalation author:...
Atlassian Questions For Confluence - Hardcoded Credentials
Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attack...
Atlassian Confluence Download Attachments - Remote Code Execution
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...
CVE-2026-12225
CVE-2026-12225 affects syracom Secure Login (2FA) for Atlassian Jira, Confluence and Bitbucket (v3.4.0.x). The vulnerability enables an authentication bypass: an attacker with valid credentials can bypass 2FA by sending requests with a crafted User-Agent (e.g., AtlassianMobileApp, JIRA), allowing...
CVE-2026-12225 syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent
syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...
EUVD-2026-37066
syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...
Atlassian Confluence Server - Local File Inclusion
Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint. id: CVE-2021-26085 info: name: Atlassian Confluence Server - Local File Inclusion author: princechaddha severity: medium description: Atlassian Confluence Server allows...
Confluence Server - Remote Code Execution
Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...
Confluence - Remote Code Execution
Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. id: CVE-2022-26134 info: name: Confluence - Remote Code Execution author: pdteam,jbertman severity: critical description: | Confluence Server and Data Center is susceptible to an...
Atlassian Confluence - Remote Code Execution
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...
Atlassian Confluence Server - Improper Authorization
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an...
Atlassian Confluence Server - Path Traversal
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
PT-2026-49655
Name of the Vulnerable Software and Affected Versions syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket versions 3.4.0.x Description An authentication bypass exists where an attacker with valid user credentials can circumvent the two-factor authentication 2FA flow. By...
Information Disclosure org.apache.tomcat:tomcat-websocket Dependency in Confluence Data Center
This High severity Information Disclosure vulnerability was introduced in versions 6.13.0, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.1, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.3 and a...
Injection io.netty:netty-codec-dns Dependency in Confluence Data Center
This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0,...