Confluence Server Security Vulnerabilities and Issues — Confluence Server CVE List

Lucene search

AtlassianConfluence Server

7 matches found

CVE•added 2021/08/30 7:15 a.m.•1856 views

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.1...

9.8CVSS8.7AI score0.94437EPSS

CVE•added 2022/06/03 10:15 p.m.•1600 views

CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, fro...

9.8CVSS9.9AI score0.94426EPSS

CVE•added 2019/04/18 6:29 p.m.•1033 views

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path ...

9CVSS8.8AI score0.93944EPSS

CVE•added 2022/07/20 6:15 p.m.•197 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and c...

9.8CVSS9.1AI score0.00224EPSS

CVE•added 2023/12/06 5:15 a.m.•118 views

CVE-2023-22522

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Da...

9CVSS9.3AI score0.42294EPSS

CVE•added 2019/03/25 7:29 p.m.•75 views

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and ...

9.8CVSS9.3AI score0.13613EPSS

CVE•added 2012/05/22 3:55 p.m.•65 views

CVE-2012-2926

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2...

9.1CVSS9AI score0.68563EPSS