Lucene search
K
AtlassianConfluence

19 matches found

CVE
CVE
added 2019/12/19 12:50 a.m.139 views

CVE-2019-15006

CVE-2019-15006 describes a MITM vulnerability in the Confluence Previews plugin used to communicate with the Atlassian Companion app via the atlassian-domain-for-localhost-connections-only.com hostname (DNS to 127.0.0.1). An attacker controlling DNS could observe or modify edited files; the certi...

6.5CVSS6.2AI score0.01905EPSS
CVE
CVE
added 2020/02/06 3:10 a.m.131 views

CVE-2019-20406

CVE-2019-20406 affects Atlassian Confluence on Windows. The vulnerability is a DLL hijacking flaw in which local attackers with permission to write a DLL in a directory on the global PATH can inject code and escalate privileges. Affected versions are Confluence on Windows before 7.0.5, and from 7...

7.8CVSS7.5AI score0.0048EPSS
CVE
CVE
added 2019/08/29 2:32 p.m.108 views

CVE-2019-3394

CVE-2019-3394 affects Atlassian Confluence Server/Data Center: a local file disclosure in the page export feature allows an authenticated attacker with page-edit permission to read arbitrary files under the Confluence install directory (notably /confluence/WEB-INF). Impact could include leakage o...

8.8CVSS8AI score0.11406EPSS
CVE
CVE
added 2019/11/08 3:55 a.m.105 views

CVE-2019-15005

The CVE-2019-15005 vulnerability concerns the Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which is bundled with multiple Atlassian products. An unprivileged user can initiate periodic log scans and have the results emailed to a user-specified address due to ...

4.3CVSS4.3AI score0.01334EPSS
CVE
CVE
added 2020/07/01 1:35 a.m.101 views

CVE-2020-4027

Atlassian Confluence Server/Data Center is affected by CVE-2020-4027 due to an injection vulnerability in custom user macros that allows remote attackers with system administration permissions to bypass velocity template injection mitigations. Affected versions are before 7.4.5 and 7.5.0 before 7...

6.5CVSS4.9AI score0.01515EPSS
CVE
CVE
added 2019/03/25 6:37 p.m.94 views

CVE-2019-3395

CVE-2019-3395 affects Atlassian Confluence Server and Data Center via an SSRF vulnerability in the WebDAV endpoint. The issue allows remote attackers to send arbitrary HTTP/WebDAV requests from the Confluence server due to a Server-Side Request Forgery flaw. Affected versions are: before 6.6.7 (f...

9.8CVSS9.3AI score0.06712EPSS
CVE
CVE
added 2016/04/11 9:0 p.m.81 views

CVE-2015-8399

This CVE affects Atlassian Confluence (before 5.8.17). The vulnerability is an information disclosure where a remote authenticated user can read configuration files via the decoratorName parameter to spaces/viewdefaultdecorator.action or admin/viewdefaultdecorator.action. The issue is caused by a...

4.3CVSS4.4AI score0.61114EPSS
Web
CVE
CVE
added 2012/05/22 3:0 p.m.79 views

CVE-2012-2926

CVE-2012-2926 covers multiple Atlassian products (JIRA <5.0.1; Confluence pre-3.5.16, 4.0.x <4.0.7, 4.1.x <4.1.10; FishEye/Crucible, Bamboo <3.3.4/3.4.x; Crowd <2.0.9, <2.1.2, <2.2.9, <2.3.7,

9.1CVSS9AI score0.66578EPSS
CVE
CVE
added 2017/06/15 4:0 p.m.72 views

CVE-2017-9505

Atlassian Confluence, versions 4.3.0 up to 6.2.1, are vulnerable to an access-control bypass when creating a workbox notification for new comments. The root cause is failure to verify a viewer’s permission for the page, allowing an authenticated attacker who can log in to receive workbox notifica...

4.3CVSS4.3AI score0.01264EPSS
CVE
CVE
added 2017/01/18 10:0 p.m.70 views

CVE-2016-6283

CVE-2016-6283 affects Atlassian Confluence

6.1CVSS6AI score0.03826EPSS
Web
CVE
CVE
added 2018/02/02 2:0 p.m.69 views

CVE-2017-18084

CVE-2017-18084 affects Atlassian Confluence Server

4.8CVSS4.9AI score0.00612EPSS
CVE
CVE
added 2016/04/11 9:0 p.m.67 views

CVE-2015-8398

CVE-2015-8398 is a cross-site scripting vulnerability in Atlassian Confluence (pre-5.8.17). An attacker can inject arbitrary scripts via the PATH_INFO to rest/prototype/1/session/check, allowing remote script/HTML execution. Affected versions are Atlassian Confluence Server 5.8.x earlier than 5.8...

6.1CVSS5.9AI score0.02302EPSS
Web
CVE
CVE
added 2018/02/02 2:0 p.m.65 views

CVE-2017-18085

CVE-2017-18085 affects Atlassian Confluence Server prior to version 6.6.1, with a reflected XSS in the viewdefaultdecorator resource via the key parameter. Proof-of-impact details: arbitrary HTML/JavaScript can be injected. Affected products and versions are supported by multiple connected source...

6.1CVSS5.9AI score0.00825EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.58 views

CVE-2017-18083

CVE-2017-18083 affects Atlassian Confluence Server before 6.4.0, where the editinword resource is vulnerable to cross-site scripting (XSS) via the contents of an uploaded file. The issue enables an attacker to inject arbitrary HTML/JavaScript through the uploaded file contents, as described in mu...

5.4CVSS5.2AI score0.00591EPSS
CVE
CVE
added 2017/12/05 4:0 p.m.56 views

CVE-2017-16856

CVE-2017-16856 affects Atlassian Confluence via the RSS Feed macro. The issue is a cross-site scripting (XSS) flaw in various RSS properties used as links without restricting their URL scheme, allowing remote injection of HTML/JavaScript. Affected product/version details in provided documents poi...

6.1CVSS6.2AI score0.00809EPSS
CVE
CVE
added 2017/04/10 3:0 a.m.55 views

CVE-2016-4317

CVE-2016-4317 affects Atlassian Confluence Server up to version 5.9.10, with a cross-site scripting (XSS) vulnerability on the viewmyprofile.action page. Root cause: failure to adequately validate user-supplied data leading to persistent XSS (described as a persistent XSS in Atlassian records and...

5.4CVSS5.3AI score0.0071EPSS
CVE
CVE
added 2018/07/10 1:0 p.m.53 views

CVE-2018-13389

CVE-2018-13389 affects Atlassian Confluence versions before 6.6.1. The vulnerability allows remote attackers to spoof web content in Mozilla Firefox by serving attachments with a content-type of application/rdf+xml, enabling content spoofing via the attachment resource. The Nessus entry and vendo...

4.7CVSS4.7AI score0.00998EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.52 views

CVE-2017-18086

CVE-2017-18086 affects Atlassian Confluence Server prior to 6.4.2, where the issuesURL parameter can be exploited to inject arbitrary HTML/JavaScript via a reflected XSS vulnerability. Public sources (NVD/Nessus/CNVD) describe the issue as a reflected XSS in multiple resources using the issuesURL...

6.1CVSS5.9AI score0.00825EPSS
CVE
CVE
added 2005/12/03 7:0 p.m.51 views

CVE-2005-3967

CVE-2005-3967 is an XSS vulnerability in Atlassian Confluence 2.0.1 Build 321. The issue affects the dosearchsite.action module, allowing remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString parameter. The documented impact is partial integrity compromise with n...

4.3CVSS5.9AI score0.01208EPSS