Lucene search

K
AtlassianConfluence Server*

41 matches found

CVE
CVE
added 2025/03/17 10:34 p.m.12203 views

CVE-2023-22512

This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely ...

7.5CVSS8AI score0.10394EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.2027 views

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version ...

10CVSS9.8AI score0.94486EPSS
CVE
CVE
added 2021/08/30 7:15 a.m.1851 views

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.1...

9.8CVSS8.7AI score0.94437EPSS
CVE
CVE
added 2022/06/03 10:15 p.m.1595 views

CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, fro...

9.8CVSS9.9AI score0.94426EPSS
CVE
CVE
added 2021/08/03 12:15 a.m.1041 views

CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

5.3CVSS5.3AI score0.94187EPSS
CVE
CVE
added 2019/04/18 6:29 p.m.1028 views

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path ...

9CVSS8.8AI score0.93966EPSS
CVE
CVE
added 2023/10/04 2:15 p.m.733 views

CVE-2023-22515

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluen...

10CVSS9.3AI score0.94365EPSS
CVE
CVE
added 2023/10/31 3:15 p.m.466 views

CVE-2023-22518

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform...

10CVSS9.4AI score0.94375EPSS
CVE
CVE
added 2024/01/16 5:15 a.m.450 views

CVE-2023-22527

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server ar...

10CVSS9.7AI score0.94363EPSS
CVE
CVE
added 2024/05/21 11:15 p.m.445 views

CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidential...

8.8CVSS8.8AI score0.94054EPSS
CVE
CVE
added 2022/07/20 6:15 p.m.197 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and c...

9.8CVSS9.1AI score0.00224EPSS
CVE
CVE
added 2023/07/18 11:15 p.m.195 views

CVE-2023-22508

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has hig...

8.8CVSS9AI score0.05445EPSS
CVE
CVE
added 2022/07/20 6:15 p.m.142 views

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-...

8.8CVSS9AI score0.00073EPSS
CVE
CVE
added 2023/05/25 2:15 p.m.127 views

CVE-2023-22504

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

6.5CVSS4.7AI score0.00148EPSS
CVE
CVE
added 2024/03/19 5:15 p.m.122 views

CVE-2024-21677

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact t...

8.8CVSS8.1AI score0.00823EPSS
CVE
CVE
added 2019/12/19 1:15 a.m.120 views

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5CVSS6.2AI score0.01073EPSS
CVE
CVE
added 2023/12/06 5:15 a.m.118 views

CVE-2023-22522

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Da...

9CVSS9.3AI score0.42294EPSS
CVE
CVE
added 2022/04/05 4:15 a.m.109 views

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 ...

8.8CVSS9.5AI score0.00331EPSS
CVE
CVE
added 2022/02/15 4:15 a.m.104 views

CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center o...

7.8CVSS7.3AI score0.00155EPSS
CVE
CVE
added 2021/05/07 6:15 a.m.101 views

CVE-2020-29445

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.

4.3CVSS4.7AI score0.00103EPSS
CVE
CVE
added 2021/05/07 6:15 a.m.92 views

CVE-2020-29444

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.

5.4CVSS5.3AI score0.00233EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.92 views

CVE-2023-22505

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high ...

8.8CVSS8.5AI score0.02891EPSS
CVE
CVE
added 2021/02/22 9:15 p.m.90 views

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect pat...

5.3CVSS5.5AI score0.00301EPSS
CVE
CVE
added 2019/08/29 3:15 p.m.83 views

CVE-2019-3394

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which ma...

8.8CVSS8AI score0.7594EPSS
CVE
CVE
added 2020/07/01 2:15 a.m.82 views

CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7...

6.5CVSS4.9AI score0.00218EPSS
CVE
CVE
added 2021/01/19 1:15 a.m.77 views

CVE-2020-29450

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

6.5CVSS6.4AI score0.01188EPSS
CVE
CVE
added 2020/07/24 7:15 a.m.76 views

CVE-2020-14175

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.

5.4CVSS5.2AI score0.00237EPSS
CVE
CVE
added 2024/01/16 5:15 a.m.76 views

CVE-2024-21672

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker...

8.8CVSS8.8AI score0.04274EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.75 views

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and ...

9.8CVSS9.3AI score0.13613EPSS
CVE
CVE
added 2024/07/16 8:15 p.m.74 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to conf...

8.7CVSS6.1AI score0.00283EPSS
CVE
CVE
added 2019/04/30 4:29 p.m.73 views

CVE-2018-20239

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the appl...

5.4CVSS5.2AI score0.00407EPSS
CVE
CVE
added 2024/02/20 6:15 p.m.73 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality...

8.5CVSS7.9AI score0.01538EPSS
CVE
CVE
added 2021/04/01 7:15 p.m.67 views

CVE-2021-26072

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

4.3CVSS4.6AI score0.08044EPSS
CVE
CVE
added 2023/05/01 5:15 p.m.66 views

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan...

5.3CVSS5AI score0.00288EPSS
CVE
CVE
added 2012/05/22 3:55 p.m.65 views

CVE-2012-2926

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2...

9.1CVSS9AI score0.68563EPSS
CVE
CVE
added 2020/04/22 4:15 a.m.65 views

CVE-2019-20102

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified mimeType parameter.

6.1CVSS6.1AI score0.00407EPSS
CVE
CVE
added 2024/01/16 5:15 a.m.62 views

CVE-2024-21673

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker...

8.8CVSS8.3AI score0.05203EPSS
CVE
CVE
added 2024/01/16 5:15 a.m.57 views

CVE-2024-21674

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacke...

8.6CVSS8AI score0.01389EPSS
CVE
CVE
added 2022/07/26 4:15 a.m.55 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnera...

5.4CVSS5.2AI score0.00223EPSS
CVE
CVE
added 2019/02/13 6:29 p.m.53 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

6.5CVSS6.3AI score0.00395EPSS
CVE
CVE
added 2024/01/16 5:15 a.m.52 views

CVE-2023-22526

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, hig...

8.8CVSS8.1AI score0.00584EPSS