Confluence Server@6.14.0 Security Vulnerabilities and Issues — Confluence Server@6.14.0 CVE List

Lucene search

AtlassianConfluence Server6.14.0

9 matches found

CVE•added 2019/03/25 7:29 p.m.•2066 views

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version ...

10CVSS9.8AI score0.94472EPSS

In wildWeb

CVE•added 2021/08/30 7:15 a.m.•1886 views

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.1...

9.8CVSS8.7AI score0.94437EPSS

In wildWeb

CVE•added 2019/04/18 6:29 p.m.•1063 views

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path ...

9CVSS8.8AI score0.93863EPSS

In wildWeb

CVE•added 2019/12/19 1:15 a.m.•121 views

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5CVSS6.2AI score0.01073EPSS

CVE•added 2022/04/05 4:15 a.m.•110 views

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 ...

8.8CVSS9.5AI score0.00331EPSS

CVE•added 2021/02/22 9:15 p.m.•92 views

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect pat...

5.3CVSS5.5AI score0.00301EPSS

CVE•added 2019/08/29 3:15 p.m.•91 views

CVE-2019-3394

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under /confluence/WEB-INF directory, which may contain configuration f...

8.8CVSS8AI score0.7594EPSS

CVE•added 2019/03/25 7:29 p.m.•76 views

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and ...

9.8CVSS9.3AI score0.11582EPSS

CVE•added 2020/04/22 4:15 a.m.•66 views

CVE-2019-20102

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified mimeType parameter.

6.1CVSS6.1AI score0.0042EPSS