Lucene search

Atlassian Confluence Server*

21 matches found

added 2019/03/25 7:29 p.m. | 2066 views

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version ...

CVSS 10 | AI score 9.8 | EPSS 0.94472 | In wild | Web

added 2021/08/30 7:15 a.m. | 1886 views

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.1...

CVSS 9.8 | AI score 8.7 | EPSS 0.94437 | In wild | Web

added 2021/08/03 12:15 a.m. | 1073 views

CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

CVSS 5.3 | AI score 5.3 | EPSS 0.94187 | In wild

added 2022/07/20 6:15 p.m. | 199 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and c...

CVSS 9.8 | AI score 9.1 | EPSS 0.00244

added 2022/07/20 6:15 p.m. | 143 views

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-...

CVSS 8.8 | AI score 9 | EPSS 0.00065

added 2023/05/25 2:15 p.m. | 128 views

CVE-2023-22504

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

CVSS 6.5 | AI score 4.7 | EPSS 0.00148

added 2022/04/05 4:15 a.m. | 110 views

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 ...

CVSS 8.8 | AI score 9.5 | EPSS 0.00331

added 2022/02/15 4:15 a.m. | 106 views

CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center o...

CVSS 7.8 | AI score 7.3 | EPSS 0.00155

added 2021/05/07 6:15 a.m. | 103 views

CVE-2020-29445

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.

CVSS 4.3 | AI score 4.7 | EPSS 0.00103

added 2021/05/07 6:15 a.m. | 93 views

CVE-2020-29444

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or JavaScript via a Cross Site Scripting Vulnerability in admin global setting parameters.

CVSS 5.4 | AI score 5.3 | EPSS 0.00233

added 2021/02/22 9:15 p.m. | 92 views

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect pat...

CVSS 5.3 | AI score 5.5 | EPSS 0.00301

added 2021/01/19 1:15 a.m. | 78 views

CVE-2020-29450

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

CVSS 6.5 | AI score 6.4 | EPSS 0.0073

added 2020/07/24 7:15 a.m. | 77 views

CVE-2020-14175

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.

CVSS 5.4 | AI score 5.2 | EPSS 0.00231

added 2024/07/16 8:15 p.m. | 77 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to conf...

CVSS 8.7 | AI score 6.1 | EPSS 0.01028

added 2024/02/20 6:15 p.m. | 76 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality...

CVSS 8.5 | AI score 7.9 | EPSS 0.01538

added 2019/04/30 4:29 p.m. | 74 views

CVE-2018-20239

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the appl...

CVSS 5.4 | AI score 5.2 | EPSS 0.00399

added 2021/04/01 7:15 p.m. | 69 views

CVE-2021-26072

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

CVSS 4.3 | AI score 4.6 | EPSS 0.08999

added 2024/11/27 5:15 p.m. | 69 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive ...

CVSS 6.4 | AI score 6.5 | EPSS 0.0002

added 2023/05/01 5:15 p.m. | 67 views

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan...

CVSS 5.3 | AI score 5 | EPSS 0.00288

added 2022/07/26 4:15 a.m. | 57 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnera...

CVSS 5.4 | AI score 5.2 | EPSS 0.00459

added 2019/02/13 6:29 p.m. | 55 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

CVSS 6.5 | AI score 6.3 | EPSS 0.00563