Lucene search
+L
AtlassianConfluence Server

49 matches found

cve
cve
added 2025/03/17 10:34 p.m.12241 views

CVE-2023-22512

CVE-2023-22512 is a DoS vulnerability in Atlassian Confluence Data Center and Server. Introduced in version 5.6, it allows an unauthenticated, network-based attacker to make a Confluence instance unavailable, with no impact to confidentiality or integrity and a high availability impact (CVSS v3.1...

7.5CVSS8AI score0.13734EPSS
cve
cve
added 2019/03/25 6:37 p.m.2127 views

CVE-2019-3396

CVE-2019-3396 – Atlassian Confluence Widget Connector SSTI RCE : A server-side template injection flaw in the Widget Connector macro allows remote attackers to perform path traversal and achieve remote code execution on Confluence Server/Data Center. Fixes are in Confluence versions: 6.6.12 (6.6....

10CVSS9.8AI score0.99913EPSS
In wildWeb
cve
cve
added 2021/08/30 6:30 a.m.1991 views

CVE-2021-26084

CVE-2021-26084 is an OGNL injection vulnerability in Atlassian Confluence Server and Data Center that allows unauthenticated remote code execution. Affected branches include Confluence Server/Data Center versions prior to 6.13.23, 6.14.0 before 7.4.11, 7.5.0 before 7.11.6, and 7.12.0 before 7.12....

9.8CVSS8.7AI score0.99999EPSS
In wildWeb
cve
cve
added 2022/06/03 9:51 p.m.1730 views

CVE-2022-26134

CVE-2022-26134 is an unauthenticated OGNL injection in Atlassian Confluence Server and Data Center that enables remote code execution. Affected: Confluence Server/Data Center versions from 1.3.0 up to 7.4.16, 7.13.x up to 7.13.6, 7.14.x up to 7.14.2, 7.15.x up to 7.15.1, 7.16.x up to 7.16.3, 7.17...

9.8CVSS9.9AI score0.99999EPSS
In wild
cve
cve
added 2021/08/03 12:0 a.m.1122 views

CVE-2021-26085

CVE-2021-26085 affects Atlassian Confluence Server. It is a Pre-Authorization Arbitrary File Read via the /s/ endpoint, allowing remote attackers to view restricted resources. Affected versions are before 7.4.10, and 7.5.0 before 7.12.3; fixes are in 7.4.10 and 7.12.3. Public PoCs and demonstrati...

5.3CVSS5.3AI score0.99937EPSS
In wild
cve
cve
added 2019/04/18 5:21 p.m.1088 views

CVE-2019-3398

CVE-2019-3398 affects Atlassian Confluence Server and Data Center. A path traversal vulnerability in the downloadallattachments resource lets an attacker with page/blog permissions or admin rights write files to arbitrary locations, potentially leading to remote code execution on vulnerable insta...

9CVSS8.8AI score0.97153EPSS
In wildWeb
cve
cve
added 2023/10/04 2:0 p.m.923 views

CVE-2023-22515

CVE-2023-22515 affects Atlassian Confluence Data Center and Server. The issue is a broken access control vulnerability that enables an unauthenticated attacker to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected, and ins...

10CVSS7.4AI score0.99156EPSS
In wild
cve
cve
added 2024/01/16 5:0 a.m.582 views

CVE-2023-22527

CVE-2023-22527 is an OGNL/SSTI-based remote code execution vulnerability in Atlassian Confluence Data Center and Server. Affected versions include Confluence Data Center/Server 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0–8.5.3 (per multiple exploits). Anonymous attackers could trigger RCE via a ...

10CVSS9.7AI score0.99984EPSS
In wild
cve
cve
added 2023/10/31 2:30 p.m.559 views

CVE-2023-22518

CVE-2023-22518 (Confluence DC/Server): An improper authorization vulnerability allowed an unauthenticated attacker to reset Confluence and create an instance administrator, enabling full admin control and potential data loss. Affected products include Confluence Data Center (all versions) and Con...

10CVSS9.4AI score0.99999EPSS
In wildWeb
cve
cve
added 2024/05/21 11:0 p.m.492 views

CVE-2024-21683

CVE-2024-21683 is an authenticated Remote Code Execution in Atlassian Confluence Data Center and Server. The issue arises from the Rhino script engine parsing tainted data in uploaded text/files, allowing an attacker with necessary privileges (e.g., admin) to execute arbitrary host code. Affected...

8.8CVSS8.8AI score0.88267EPSS
In wildWeb
cve
cve
added 2022/07/20 5:25 p.m.248 views

CVE-2022-26136

CVE-2022-26136 is a vulnerability in multiple Atlassian products where remote, unauthenticated attackers can bypass Servlet Filters used by first and third‑party apps, potentially causing authentication bypass and XSS. Affected products and fixed ranges are provided: Atlassian Bamboo (<8.0.9, ...

9.8CVSS9.1AI score0.04244EPSS
cve
cve
added 2023/07/18 11:0 p.m.225 views

CVE-2023-22508

CVE-2023-22508 is a high-severity Remote Code Execution vulnerability in Atlassian Confluence Data Center & Server, introduced in version 6.1.0. The flaw enables an authenticated attacker to execute arbitrary code with high impact to confidentiality, integrity, and availability, without user inte...

8.8CVSS9AI score0.02185EPSS
cve
cve
added 2022/07/20 5:25 p.m.162 views

CVE-2022-26137

CVE-2022-26137 concerns multiple Atlassian products (Bamboo, Bitbucket, Confluence, Jira, Jira Service Management, Crowd, Fisheye/Crucible) where an unauthenticated remote attacker can trigger additional Servlet Filters in requests/responses, causing a CORS bypass. The issue allows an attacker to...

8.8CVSS9AI score0.01852EPSS
cve
cve
added 2024/03/19 5:0 p.m.155 views

CVE-2024-21677

CVE-2024-21677 affects Atlassian Confluence Data Center and Server, introduced in version 6.13.0 as a High-severity path traversal vulnerability. The CVSS data indicate unauthenticated network access with low attack complexity, no privileges required, but user interaction is needed, and impacts t...

8.8CVSS8.1AI score0.00926EPSS
cve
cve
added 2024/08/21 4:5 p.m.152 views

CVE-2024-21690

This CVE affects Atlassian Confluence Data Center and Server. The issue is a Reflected XSS and CSRF vulnerability that impacts versions 7.19.0, 7.20.0, 8.0.0 through 8.9.0. An unauthenticated attacker can cause a victim’s browser to execute arbitrary HTML/JavaScript and persuade the user to perfo...

8.2CVSS6.5AI score0.00712EPSS
cve
cve
added 2023/05/25 2:0 p.m.142 views

CVE-2023-22504

CVE-2023-22504 affects Atlassian Confluence Server. Affected versions allow remote attackers with read permissions (not write) to upload attachments due to a Broken Access Control in the attachments feature. The issue is evidenced across multiple sources referencing Confluence Server prior to ver...

6.5CVSS4.7AI score0.00747EPSS
cve
cve
added 2023/12/06 5:0 a.m.141 views

CVE-2023-22522

CVE-2023-22522 is an RCE flaw in Atlassian Confluence Data Center and Server caused by a template injection vulnerability that lets an authenticated (including anonymous) attacker inject unsafe input into a Confluence page. Affected versions include Confluence Data Center/Server releases prior to...

9CVSS9.3AI score0.12844EPSS
cve
cve
added 2019/12/19 12:50 a.m.139 views

CVE-2019-15006

CVE-2019-15006 describes a MITM vulnerability in the Confluence Previews plugin used to communicate with the Atlassian Companion app via the atlassian-domain-for-localhost-connections-only.com hostname (DNS to 127.0.0.1). An attacker controlling DNS could observe or modify edited files; the certi...

6.5CVSS6.2AI score0.01905EPSS
cve
cve
added 2022/04/05 4:0 a.m.139 views

CVE-2021-39114

CVE-2021-39114 affects Atlassian Confluence Server/Data Center. An OGNL injection in Confluence prior to specific fixed versions allows a valid account on a Data Center instance to execute arbitrary Java code or commands. Affected versions are: before 6.13.23; 6.14.0 before 7.4.11; 7.5.0 before 7...

8.8CVSS9.5AI score0.01657EPSS
cve
cve
added 2020/02/06 3:10 a.m.132 views

CVE-2019-20406

CVE-2019-20406 affects Atlassian Confluence on Windows. The vulnerability is a DLL hijacking flaw in which local attackers with permission to write a DLL in a directory on the global PATH can inject code and escalate privileges. Affected versions are Confluence on Windows before 7.0.5, and from 7...

7.8CVSS7.5AI score0.0048EPSS
cve
cve
added 2022/02/15 3:15 a.m.124 views

CVE-2021-43940

CVE-2021-43940 affects Atlassian Confluence Server and Data Center on Windows. A DLL hijacking vulnerability in the Confluence installer allows authenticated local attackers to achieve elevated privileges on the local system. Affected versions are before 7.4.10, and 7.5.0 before 7.12.3. Documente...

7.8CVSS7.3AI score0.0033EPSS
cve
cve
added 2021/05/07 6:10 a.m.115 views

CVE-2020-29445

CVE-2020-29445 describes a blind SSRF in Atlassian Confluence Server’s Team Calendars parameters. Affected are Confluence Server versions before 7.4.8 and 7.5.0 through 7.10.9 (pre-7.11.0). Root cause is a server-side request forgery in the Team Calendars functionality, enabling an attacker to id...

4.3CVSS4.7AI score0.01201EPSS
cve
cve
added 2021/02/18 3:8 p.m.114 views

CVE-2020-29448

CVE-2020-29448 affects Atlassian Confluence Server/Data Center. Affected ConfluenceResourceDownloadRewriteRule allows unauthenticated remote retrieval of arbitrary files in WEB-INF and META-INF due to an incorrect path access check. Impact is read-only exposure of restricted files; no exploitatio...

5.3CVSS5.5AI score0.0233EPSS
cve
cve
added 2023/07/18 9:0 p.m.111 views

CVE-2023-22505

CVE-2023-22505 affects Atlassian Confluence Data Center & Server. A remote code execution flaw exists due to insufficient input validation, enabling an authenticated attacker to execute arbitrary code with high impact on confidentiality, integrity, and availability. Affected versions include 8.0....

8.8CVSS8.5AI score0.02073EPSS
cve
cve
added 2019/08/29 2:32 p.m.108 views

CVE-2019-3394

CVE-2019-3394 affects Atlassian Confluence Server/Data Center: a local file disclosure in the page export feature allows an authenticated attacker with page-edit permission to read arbitrary files under the Confluence install directory (notably /confluence/WEB-INF). Impact could include leakage o...

8.8CVSS8AI score0.11406EPSS
cve
cve
added 2021/05/07 6:10 a.m.107 views

CVE-2020-29444

CVE-2020-29444 affects Atlassian Confluence Server: Team Calendar component is vulnerable to a Cross-Site Scripting (XSS) attack via admin global setting parameters in versions before 7.11.0. The root cause is a failure to properly sanitize inputs in the admin settings, allowing injection of arbi...

5.4CVSS5.3AI score0.00928EPSS
cve
cve
added 2021/01/19 12:30 a.m.102 views

CVE-2020-29450

CVE-2020-29450 affects Atlassian Confluence Server and Data Center before version 7.2.0, where the avatar upload feature allows remote attackers to impact availability (DoS). The root cause is a DoS vulnerability in the avatar upload functionality. Fixed versions are 7.2.0 and later. Remediation:...

6.5CVSS6.4AI score0.02214EPSS
cve
cve
added 2020/07/01 1:35 a.m.101 views

CVE-2020-4027

Atlassian Confluence Server/Data Center is affected by CVE-2020-4027 due to an injection vulnerability in custom user macros that allows remote attackers with system administration permissions to bypass velocity template injection mitigations. Affected versions are before 7.4.5 and 7.5.0 before 7...

6.5CVSS4.9AI score0.01515EPSS
cve
cve
added 2024/02/20 6:0 p.m.100 views

CVE-2024-21678

CVE-2024-21678 is a stored XSS vulnerability in Atlassian Confluence Data Center and Server introduced in 2.7.0. An authenticated attacker can inject HTML/JavaScript that runs in a victim’s browser, with high confidentiality impact, low integrity impact, no availability impact, and no user intera...

8.5CVSS7.9AI score0.00471EPSS
cve
cve
added 2024/01/16 5:0 a.m.97 views

CVE-2024-21672

CVE-2024-21672 : A remote code execution vulnerability in Atlassian Confluence Data Center and Server was introduced in 2.1.0. It allows an unauthenticated, network‑level attacker to remotely expose assets when exploiting the flaw, with user interaction required (UI: R). The vulnerability impacts...

8.8CVSS8.8AI score0.01363EPSS
cve
cve
added 2019/03/25 6:37 p.m.94 views

CVE-2019-3395

CVE-2019-3395 affects Atlassian Confluence Server and Data Center via an SSRF vulnerability in the WebDAV endpoint. The issue allows remote attackers to send arbitrary HTTP/WebDAV requests from the Confluence server due to a Server-Side Request Forgery flaw. Affected versions are: before 6.6.7 (f...

9.8CVSS9.3AI score0.06712EPSS
cve
cve
added 2020/07/24 7:5 a.m.92 views

CVE-2020-14175

CVE-2020-14175 affects Atlassian Confluence Server and Data Center. The vulnerability is a Cross-Site Scripting (XSS) flaw in user macro parameters that allows injection of arbitrary HTML/JavaScript. Affected versions are before 7.4.2 and 7.5.0 up to before 7.5.2. Some sources note exploitation m...

5.4CVSS5.2AI score0.01154EPSS
cve
cve
added 2024/07/16 8:0 p.m.92 views

CVE-2024-21686

CVE-2024-21686 is a stored XSS vulnerability affecting Atlassian Confluence Data Center and Server, introduced in version 7.13. The CVSS base score is 7.3 (high) with author-verified network attack vector, low attack complexity, low privileges required, and user interaction required; impact is hi...

8.7CVSS6.1AI score0.0089EPSS
cve
cve
added 2019/04/30 3:28 p.m.90 views

CVE-2018-20239

CVE-2018-20239 involves a cross-site scripting (XSS) flaw in the Application Links plugin’s applinkStartingUrl parameter. The vulnerability affects multiple plugin versions: Application Links before 5.0.11, 5.1.0–before 5.2.10, 5.3.0–before 5.3.6, 5.4.0–before 5.4.12, and 6.0.0–before 6.0.4. It i...

5.4CVSS5.2AI score0.03401EPSS
cve
cve
added 2024/11/27 5:0 p.m.90 views

CVE-2024-21703

This CVE describes a Medium severity Security Misconfiguration in Confluence Data Center and Server for Windows, introduced in version 8.8.1. An authenticated attacker on the Windows host can read sensitive information about the Confluence Data Center configuration, impacting confidentiality, int...

6.4CVSS6.5AI score0.00202EPSS
cve
cve
added 2021/04/01 6:10 p.m.88 views

CVE-2021-26072

CVE-2021-26072 affects Atlassian Confluence Server/Data Center prior to 5.8.6, where the WidgetConnector plugin permits blind SSRF allowing remote attackers to manipulate internal network resources. The issue arises from insecure server-side requests triggered by the widgetconnector, with exploit...

4.3CVSS4.6AI score0.38845EPSS
In wild
cve
cve
added 2023/05/01 4:0 p.m.86 views

CVE-2023-22503

The CVE concerns Atlassian Confluence Server/Data Center where the macro preview feature permits an Information Disclosure vulnerability. Affected: Confluence Server/Data Center versions before 7.13.15, 7.14.0–7.19.7, and 7.20.0–8.2.0. Impact: anonymous remote attackers can view names of attachme...

5.3CVSS5AI score0.00792EPSS
cve
cve
added 2020/04/22 3:30 a.m.81 views

CVE-2019-20102

CVE-2019-20102 affects Atlassian Confluence Server: attachment-upload feature allows stored cross-site scripting (SXSS) via a malicious attachment with a modified mimeType. Affected products/versions: Confluence Server 6.14.0–6.14.3 and 6.15.0–before 6.15.5. Root cause is improper validation of u...

6.1CVSS6.1AI score0.01085EPSS
cve
cve
added 2012/05/22 3:0 p.m.79 views

CVE-2012-2926

CVE-2012-2926 covers multiple Atlassian products (JIRA <5.0.1; Confluence pre-3.5.16, 4.0.x <4.0.7, 4.1.x <4.1.10; FishEye/Crucible, Bamboo <3.3.4/3.4.x; Crowd <2.0.9, <2.1.2, <2.2.9, <2.3.7,

9.1CVSS9AI score0.66578EPSS
cve
cve
added 2024/01/16 5:0 a.m.79 views

CVE-2024-21673

CVE-2024-21673 affects Atlassian Confluence Data Center and Server. The vulnerability is an authenticated remote code execution that was introduced in version 7.13.0, with high impact on confidentiality, integrity, and availability (CVSS v3.0/3.1 base scores 8.0/8.8). Affected versions include 7....

8.8CVSS8.3AI score0.01504EPSS
cve
cve
added 2022/07/26 4:5 a.m.75 views

CVE-2020-36290

CVE-2020-36290 affects Atlassian Confluence Server/Data Center via the Livesearch macro. Vulnerable versions include pre-7.4.5, 7.5.0–7.6.2, and 7.7.0–7.7.3 (up to 7.7.4 in some listings), where remote attackers with page/blog edit permission can inject arbitrary HTML/JavaScript into the page exc...

5.4CVSS5.2AI score0.00597EPSS
cve
cve
added 2024/01/16 5:0 a.m.74 views

CVE-2023-22526

CVE-2023-22526 is an authenticated RCE affecting Atlassian Confluence Data Center/Server introduced in 7.19.0. The CVSS 3.1/3.0 data show high impact (C/I/A) with network access and low attack complexity; privileges required are low (per NVD). The vulnerability allows executing arbitrary code wit...

8.8CVSS8.1AI score0.01565EPSS
cve
cve
added 2024/01/16 5:0 a.m.71 views

CVE-2024-21674

CVE-2024-21674 affects Atlassian Confluence Data Center and Server, introduced in 7.13.0, enabling unauthenticated remote code execution (RCE) with high confidentiality impact (CVSSv3.0: 8.6, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Upgraded fixed versions are 7.19.18+, 8.5.5+, or 8.7.2+ (recommend ...

8.6CVSS8AI score0.01768EPSS
cve
cve
added 2017/01/23 9:0 p.m.70 views

CVE-2016-6668

The CVE-2016-6668 issue affects Atlassian HipChat integration plugins across Bitbucket Server, Confluence HipChat, and HipChat for JIRA. The vulnerability enables remote attackers to obtain the secret key used to communicate with HipChat instances by reading unspecified pages. Affected versions i...

7.5CVSS7.4AI score0.03743EPSS
cve
cve
added 2017/04/27 10:0 a.m.68 views

CVE-2017-7415

CVE-2017-7415 affects Atlassian Confluence 6.x up to but not including 6.0.7. Via the drafts diff REST resource, unauthenticated users (and in some setups even anonymous users) could bypass authentication and disclose the content of all blogs and pages by enumerating page or draft IDs. The issue ...

7.5CVSS7.6AI score0.04387EPSS
cve
cve
added 2019/02/13 6:0 p.m.65 views

CVE-2018-20237

Confluence Server/Data Center prior to version 6.13.1 is affected by an information-disclosure vulnerability in the Word Export feature. An authenticated user can download content from deleted pages, exposing partially confidential data. Root cause: Word Export component allows access to deleted ...

6.5CVSS6.3AI score0.01737EPSS
cve
cve
added 2014/05/13 2:0 p.m.64 views

CVE-2012-6342

CVE-2012-6342 affects Atlassian Confluence 3.4.6 and related versions. A CSRF flaw in logout.action may allow remote attackers to hijack an administrator’s session by triggering a logout for the user via a comment. The connected sources confirm the component (logout.action) and the impact (admin ...

6.8CVSS7.2AI score0.01665EPSS
cve
cve
added 2012/05/22 3:0 p.m.53 views

CVE-2012-2928

The CVE-2012-2928 issue affects the Gliffy plugin for Atlassian JIRA (before 3.7.1) and Gliffy for Confluence (before 4.2). The root cause is improper restriction of third‑party XML parsers, enabling remote attackers to read arbitrary files or cause a denial of service via unspecified vectors. Th...

6.4CVSS7.1AI score0.0306EPSS
cve
cve
added 2025/10/21 4:0 p.m.28 views

CVE-2025-22166

CVE-2025-22166 is a Denial of Service vulnerability affecting Atlassian Confluence Data Center. Introduced in Confluence Data Center 2.0, it enables an unauthenticated remote attacker to render the host unavailable by disrupting services, with high impact on availability. The advisory recommends ...

8.3CVSS6.3AI score0.00459EPSS