Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence data center vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-22522
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly acces...
Atlassian Confluence Server
Atlassian Confluence Data Center 8.7.0
Atlassian Confluence Data Center
9.8
CVSSv3
CVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated malicious user to reset Confluence and create a Confluence instance administrator account. Using this account, an ...
Atlassian Confluence Data Center
Atlassian Confluence Data Center 8.6.0
Atlassian Confluence Server
Atlassian Confluence Server 8.6.0
1 Metasploit module
11 Github repositories
4 Articles
9.8
CVSSv3
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 prior to 7.4.17, fro...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
99 Github repositories
3 Articles
9.8
CVSSv3
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from ve...
Atlassian Confluence Server
Atlassian Confluence Data Center
47 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts ...
Atlassian Confluence Server
Atlassian Confluence Data Center
32 Github repositories
5 Articles
9.8
CVSSv3
CVE-2023-22527
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated malicious user to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence ...
Atlassian Confluence Data Center
Atlassian Confluence Server
27 Github repositories
2 Articles
4.3
CVSSv3
CVE-2021-26072
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote malicious users to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
Atlassian Confluence Server
Atlassian Confluence Data Center
5.3
CVSSv3
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 prior to 7.4.6, and from 7.5.0 prior to 7.8.3 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF dir...
Atlassian Confluence Server
Atlassian Confluence Data Center
6.5
CVSSv3
CVE-2020-29450
Affected versions of Atlassian Confluence Server and Data Center allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
Atlassian Confluence Server
Atlassian Confluence Data Center
5.4
CVSSv3
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server prior to 7.11.0 allow malicious users to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
Atlassian Confluence Server
Atlassian Confluence Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »