Confluence Server Security Vulnerabilities and Issues — Confluence Server CVE List

Lucene search

AtlassianConfluence Server

7 matches found

cve•added 2019/03/25 7:29 p.m.•2062 views

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version ...

10CVSS9.8AI score0.94472EPSS

In wild

cve•added 2019/04/18 6:29 p.m.•1060 views

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path ...

9CVSS8.8AI score0.93863EPSS

In wild

cve•added 2019/12/19 1:15 a.m.•121 views

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5CVSS6.2AI score0.01073EPSS

cve•added 2019/08/29 3:15 p.m.•91 views

CVE-2019-3394

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under /confluence/WEB-INF directory, which may contain configuration f...

8.8CVSS8AI score0.7594EPSS

cve•added 2019/03/25 7:29 p.m.•76 views

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and ...

9.8CVSS9.3AI score0.11582EPSS

cve•added 2019/04/30 4:29 p.m.•74 views

CVE-2018-20239

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the appl...

5.4CVSS5.2AI score0.00399EPSS

cve•added 2019/02/13 6:29 p.m.•54 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

6.5CVSS6.3AI score0.00563EPSS