Lucene search

Atlassian Confluence Server 7.20.0

9 matches found

CVE
added 2023/10/31 3:15 p.m., 515 views

CVE-2023-22518

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform...

CVSS 10 | AI score 9.4 | EPSS 0.94375
In wild
CVE
added 2024/05/21 11:15 p.m., 453 views

CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidential...

CVSS 8.8 | AI score 8.8 | EPSS 0.94054
In wild, Web
CVE
added 2023/07/18 11:15 p.m., 197 views

CVE-2023-22508

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has hig...

CVSS 8.8 | AI score 9 | EPSS 0.05445
CVE
added 2023/05/25 2:15 p.m., 128 views

CVE-2023-22504

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

CVSS 6.5 | AI score 4.7 | EPSS 0.00148
CVE
added 2024/03/19 5:15 p.m., 125 views

CVE-2024-21677

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact t...

CVSS 8.8 | AI score 8.1 | EPSS 0.01959
CVE
added 2024/08/21 4:15 p.m., 122 views

CVE-2024-21690

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF (Cross-Site Request Forgery) vul...

CVSS 8.2 | AI score 6.5 | EPSS 0.00548
CVE
added 2024/07/16 8:15 p.m., 77 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to conf...

CVSS 8.7 | AI score 6.1 | EPSS 0.01028
CVE
added 2024/02/20 6:15 p.m., 76 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality...

CVSS 8.5 | AI score 7.9 | EPSS 0.01538
CVE
added 2023/05/01 5:15 p.m., 67 views

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan...

CVSS 5.3 | AI score 5 | EPSS 0.00288