Confluence Server Security Vulnerabilities and Issues — Confluence Server CVE List

Lucene search

AtlassianConfluence Server

8 matches found

CVE•added 2023/05/25 2:15 p.m.•127 views

CVE-2023-22504

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

6.5CVSS4.7AI score0.00148EPSS

CVE•added 2019/12/19 1:15 a.m.•120 views

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5CVSS6.2AI score0.01073EPSS

CVE•added 2020/07/01 2:15 a.m.•82 views

CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7...

6.5CVSS4.9AI score0.00218EPSS

CVE•added 2021/01/19 1:15 a.m.•77 views

CVE-2020-29450

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

6.5CVSS6.4AI score0.01188EPSS

CVE•added 2020/04/22 4:15 a.m.•65 views

CVE-2019-20102

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified mimeType parameter.

6.1CVSS6.1AI score0.00407EPSS

CVE•added 2019/02/13 6:29 p.m.•53 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

6.5CVSS6.3AI score0.00395EPSS

CVE•added 2014/05/13 2:55 p.m.•42 views

CVE-2012-6342

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.

6.8CVSS7.2AI score0.0018EPSS

CVE•added 2012/05/22 3:55 p.m.•41 views

CVE-2012-2928

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

6.4CVSS7.1AI score0.0193EPSS