Confluence Data Center Security Vulnerabilities and Issues — Confluence Data Center CVE List

Lucene search

AtlassianConfluence Data Center

8 matches found

CVE•added 2022/06/03 10:15 p.m.•1596 views

CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, fro...

9.8CVSS9.9AI score0.94426EPSS

CVE•added 2022/07/20 6:15 p.m.•197 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and c...

9.8CVSS9.1AI score0.00224EPSS

CVE•added 2022/07/20 6:15 p.m.•142 views

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-...

8.8CVSS9AI score0.00073EPSS

CVE•added 2022/04/05 4:15 a.m.•109 views

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 ...

8.8CVSS9.5AI score0.00331EPSS

CVE•added 2022/02/15 4:15 a.m.•104 views

CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center o...

7.8CVSS7.3AI score0.00155EPSS

CVE•added 2022/11/15 1:15 a.m.•59 views

CVE-2022-42977

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.

7.5CVSS7.5AI score0.00311EPSS

CVE•added 2022/11/15 1:15 a.m.•56 views

CVE-2022-42978

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.

7.5CVSS7.6AI score0.0049EPSS

CVE•added 2022/07/26 4:15 a.m.•55 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnera...

5.4CVSS5.2AI score0.00223EPSS