18 matches found
Atlassian Confluence 9.0.1 < 9.2.1 / 9.3.1 < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101574)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101574 advisory. - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This...
Atlassian Confluence 3.x < 7.19.30 / 7.20.x < 8.5.18 / 8.6.x < 9.1.1 / 9.2.0 (CONFSERVER-98842)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98842 advisory. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An...
Atlassian Confluence 7.19.x < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.0 / 9.2.0 (CONFSERVER-98300)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98300 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand...
Atlassian Confluence < 7.19.21 / 7.20.x < 8.5.8 / 8.6.x < 8.9.1 (CONFSERVER-97711)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-97711 advisory. - An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn5920 functio...
Atlassian Confluence < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96101)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96101 advisory. - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error...
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95942)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95942 advisory. - Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the...
Confserver ticket aggregation
Support CONFSERVER ticket aggregation similar to https://hello.atlassian.net/wiki/spaces/JIRASERVER/pages/3002952256/Experiment+-+JSEC+aggregates...
Atlassian Confluence 6.0.1 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 SQLI (CONFSERVER-95837)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95837 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mo...
Atlassian Confluence 6.13.0 < 7.19.20 / 7.20.x < 8.5.7 / 8.6.x < 8.8.1 (CONFSERVER-94604)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94604 advisory. - This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, wit...
Atlassian Confluence 6.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94110)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94110 advisory. - A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack ...
Atlassian Confluence < 8.5.4 RCE (CONFSERVER-93833)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93833 advisory. - RCE (Remote Code Execution) in Confluence Data Center and Server due to a template injection vulnerability. An unauthenticated, remote attacker, can...
Atlassian Confluence Authentication Bypass (CONFSERVER-93142) (Direct Check)
Binary data confluencecve-2023-22518.nbin...
Atlassian Confluence < 7.19.16 / 8.x < 8.3.4 / 8.4.x < 8.4.4 / 8.5.x < 8.5.3 / 8.6.x < 8.6.1 (CONFSERVER-93142)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93142 advisory. - Improper Authorization in Confluence Data Center and Server (CVE-2023-22518). Note that Nessus has not tested for this issue but has instead relied...
Atlassian Confluence < 7.19.14 / 8.5.x < 8.5.1 (CONFSERVER-91258)
The version of Atlassian Confluence Server running on the remote host is affected by a denial of service (DoS) vulnerability as referenced in the CONFSERVER-91258 advisory. The vulnerability exists in Confluence Data Center and Server. An unauthenticated, remote attacker can exploit this issue to...
Atlassian Confluence Command Injection (CONFSERVER-79016)
According to its self-reported version number, the Atlassian Confluence running on the remote host is affected by a command injection vulnerability. A remote, unauthenticated attacker can use this to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied onl...
Exploit for Forced Browsing in Atlassian Confluence_Data_Center
CVE-2021-26085 Atlassian Confluence Server 7.5.1 Pre-Authoriza...
Apache Log4j - Arbitrary Code Execution in confserver/confluence (master)
Issue Summary: Arbitrary Code Execution in confserver/confluence (master). Steps to Reproduce: Vulnerability: Arbitrary Code Execution. Severity: High. Project: confserver/confluence. Branch: master. Scan Date: Unknown. Vulnerability ID: CVE-2019-17571. log4j-core is vulnerable to...
commons-beanutils - Authorization Bypass in confserver/confluence-frontend-plugins (master)
Authorization Bypass in confserver/confluence-frontend-plugins (master). Issue Details: Vulnerability: Authorization Bypass. Severity: High. Project: confserver/confluence-frontend-plugins. Branch: master. Scan Date: Unknown. Issue Description: commons-beanutils2 is vulnerable...