Lucene search
K
AtlassianConfluence Data Center*

20 matches found

CVE
CVE
added 2021/08/30 6:30 a.m.1986 views

CVE-2021-26084

CVE-2021-26084 is an OGNL injection vulnerability in Atlassian Confluence Server and Data Center that allows unauthenticated remote code execution. Affected branches include Confluence Server/Data Center versions prior to 6.13.23, 6.14.0 before 7.4.11, 7.5.0 before 7.11.6, and 7.12.0 before 7.12....

9.8CVSS8.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/08/03 12:0 a.m.1122 views

CVE-2021-26085

CVE-2021-26085 affects Atlassian Confluence Server. It is a Pre-Authorization Arbitrary File Read via the /s/ endpoint, allowing remote attackers to view restricted resources. Affected versions are before 7.4.10, and 7.5.0 before 7.12.3; fixes are in 7.4.10 and 7.12.3. Public PoCs and demonstrati...

5.3CVSS5.3AI score0.99937EPSS
In wild
CVE
CVE
added 2022/07/20 5:25 p.m.245 views

CVE-2022-26136

CVE-2022-26136 is a vulnerability in multiple Atlassian products where remote, unauthenticated attackers can bypass Servlet Filters used by first and third‑party apps, potentially causing authentication bypass and XSS. Affected products and fixed ranges are provided: Atlassian Bamboo (<8.0.9, ...

9.8CVSS9.1AI score0.04244EPSS
CVE
CVE
added 2022/07/20 5:25 p.m.162 views

CVE-2022-26137

CVE-2022-26137 concerns multiple Atlassian products (Bamboo, Bitbucket, Confluence, Jira, Jira Service Management, Crowd, Fisheye/Crucible) where an unauthenticated remote attacker can trigger additional Servlet Filters in requests/responses, causing a CORS bypass. The issue allows an attacker to...

8.8CVSS9AI score0.01852EPSS
CVE
CVE
added 2022/04/05 4:0 a.m.139 views

CVE-2021-39114

CVE-2021-39114 affects Atlassian Confluence Server/Data Center. An OGNL injection in Confluence prior to specific fixed versions allows a valid account on a Data Center instance to execute arbitrary Java code or commands. Affected versions are: before 6.13.23; 6.14.0 before 7.4.11; 7.5.0 before 7...

8.8CVSS9.5AI score0.01657EPSS
CVE
CVE
added 2022/02/15 3:15 a.m.124 views

CVE-2021-43940

CVE-2021-43940 affects Atlassian Confluence Server and Data Center on Windows. A DLL hijacking vulnerability in the Confluence installer allows authenticated local attackers to achieve elevated privileges on the local system. Affected versions are before 7.4.10, and 7.5.0 before 7.12.3. Documente...

7.8CVSS7.3AI score0.0033EPSS
CVE
CVE
added 2021/02/18 3:8 p.m.113 views

CVE-2020-29448

CVE-2020-29448 affects Atlassian Confluence Server/Data Center. Affected ConfluenceResourceDownloadRewriteRule allows unauthenticated remote retrieval of arbitrary files in WEB-INF and META-INF due to an incorrect path access check. Impact is read-only exposure of restricted files; no exploitatio...

5.3CVSS5.5AI score0.0233EPSS
CVE
CVE
added 2021/05/07 6:10 a.m.107 views

CVE-2020-29444

CVE-2020-29444 affects Atlassian Confluence Server: Team Calendar component is vulnerable to a Cross-Site Scripting (XSS) attack via admin global setting parameters in versions before 7.11.0. The root cause is a failure to properly sanitize inputs in the admin settings, allowing injection of arbi...

5.4CVSS5.3AI score0.00928EPSS
CVE
CVE
added 2021/01/19 12:30 a.m.102 views

CVE-2020-29450

CVE-2020-29450 affects Atlassian Confluence Server and Data Center before version 7.2.0, where the avatar upload feature allows remote attackers to impact availability (DoS). The root cause is a DoS vulnerability in the avatar upload functionality. Fixed versions are 7.2.0 and later. Remediation:...

6.5CVSS6.4AI score0.02214EPSS
CVE
CVE
added 2024/02/20 6:0 p.m.100 views

CVE-2024-21678

CVE-2024-21678 is a stored XSS vulnerability in Atlassian Confluence Data Center and Server introduced in 2.7.0. An authenticated attacker can inject HTML/JavaScript that runs in a victim’s browser, with high confidentiality impact, low integrity impact, no availability impact, and no user intera...

8.5CVSS7.9AI score0.00471EPSS
CVE
CVE
added 2020/07/24 7:5 a.m.92 views

CVE-2020-14175

CVE-2020-14175 affects Atlassian Confluence Server and Data Center. The vulnerability is a Cross-Site Scripting (XSS) flaw in user macro parameters that allows injection of arbitrary HTML/JavaScript. Affected versions are before 7.4.2 and 7.5.0 up to before 7.5.2. Some sources note exploitation m...

5.4CVSS5.2AI score0.01154EPSS
CVE
CVE
added 2024/07/16 8:0 p.m.92 views

CVE-2024-21686

CVE-2024-21686 is a stored XSS vulnerability affecting Atlassian Confluence Data Center and Server, introduced in version 7.13. The CVSS base score is 7.3 (high) with author-verified network attack vector, low attack complexity, low privileges required, and user interaction required; impact is hi...

8.7CVSS6.1AI score0.0089EPSS
CVE
CVE
added 2019/04/30 3:28 p.m.90 views

CVE-2018-20239

CVE-2018-20239 involves a cross-site scripting (XSS) flaw in the Application Links plugin’s applinkStartingUrl parameter. The vulnerability affects multiple plugin versions: Application Links before 5.0.11, 5.1.0–before 5.2.10, 5.3.0–before 5.3.6, 5.4.0–before 5.4.12, and 6.0.0–before 6.0.4. It i...

5.4CVSS5.2AI score0.03401EPSS
CVE
CVE
added 2024/11/27 5:0 p.m.90 views

CVE-2024-21703

This CVE describes a Medium severity Security Misconfiguration in Confluence Data Center and Server for Windows, introduced in version 8.8.1. An authenticated attacker on the Windows host can read sensitive information about the Confluence Data Center configuration, impacting confidentiality, int...

6.4CVSS6.5AI score0.00202EPSS
CVE
CVE
added 2021/04/01 6:10 p.m.87 views

CVE-2021-26072

CVE-2021-26072 affects Atlassian Confluence Server/Data Center prior to 5.8.6, where the WidgetConnector plugin permits blind SSRF allowing remote attackers to manipulate internal network resources. The issue arises from insecure server-side requests triggered by the widgetconnector, with exploit...

4.3CVSS4.6AI score0.38845EPSS
In wild
CVE
CVE
added 2023/05/01 4:0 p.m.86 views

CVE-2023-22503

The CVE concerns Atlassian Confluence Server/Data Center where the macro preview feature permits an Information Disclosure vulnerability. Affected: Confluence Server/Data Center versions before 7.13.15, 7.14.0–7.19.7, and 7.20.0–8.2.0. Impact: anonymous remote attackers can view names of attachme...

5.3CVSS5AI score0.00792EPSS
CVE
CVE
added 2022/11/15 12:0 a.m.75 views

CVE-2022-42977

The CVE-2022-42977 relates to the Netic User Export add-on for Atlassian Confluence (before version 1.3.5). The vulnerability arises from the export functionality, where the HTTP request’s fileName parameter can specify any file on the system, enabling retrieval of arbitrary files (e.g., SSH priv...

7.5CVSS7.5AI score0.00956EPSS
CVE
CVE
added 2022/07/26 4:5 a.m.74 views

CVE-2020-36290

CVE-2020-36290 affects Atlassian Confluence Server/Data Center via the Livesearch macro. Vulnerable versions include pre-7.4.5, 7.5.0–7.6.2, and 7.7.0–7.7.3 (up to 7.7.4 in some listings), where remote attackers with page/blog edit permission can inject arbitrary HTML/JavaScript into the page exc...

5.4CVSS5.2AI score0.00597EPSS
CVE
CVE
added 2022/11/15 12:0 a.m.72 views

CVE-2022-42978

The vulnerability CVE-2022-42978 affects the Netic User Export add-on for Atlassian Confluence prior to version 1.3.5. The root cause is mishandled authorization, allowing an unauthenticated attacker to access files on the remote system. Impact is unauthorized file access. Remediation: upgrade to...

7.5CVSS7.6AI score0.00803EPSS
CVE
CVE
added 2019/02/13 6:0 p.m.65 views

CVE-2018-20237

Confluence Server/Data Center prior to version 6.13.1 is affected by an information-disclosure vulnerability in the Word Export feature. An authenticated user can download content from deleted pages, exposing partially confidential data. Root cause: Word Export component allows access to deleted ...

6.5CVSS6.3AI score0.01737EPSS