Vulmon
atlassian confluence vulnerabilities and exploits
580
VMScore
CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5,...
Atlassian Confluence
Atlassian Confluence Server
578
VMScore
CVE-2021-39114
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, f...
Atlassian Confluence Server
Atlassian Confluence Data Center
578
VMScore
CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, to execute arbitrary .exe files via a Protection Mechanism Failure.
Atlassian Companion
570
VMScore
CVE-2012-2928
The Gliffy plugin prior to 3.7.1 for Atlassian JIRA, and prior to 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote malicious users to read arbitrary files or cause a denial of service (resource consumption) ...
Atlassian Jira
Gliffy Gliffy 2.1.1
Gliffy Gliffy 3.0.0
Gliffy Gliffy 2.0.1
Gliffy Gliffy 2.1.0
Gliffy Gliffy 3.1.2
Gliffy Gliffy 3.0.1
Gliffy Gliffy 2.2.2
Gliffy Gliffy 2.2.1
Gliffy Gliffy 3.1.1
Gliffy Gliffy 3.0.5
Gliffy Gliffy 3.1.4
Gliffy Gliffy 3.5
Gliffy Gliffy 2.2.0
Gliffy Gliffy 3.0.2
Gliffy Gliffy 3.0.4
Gliffy Gliffy 3.5.2
Gliffy Gliffy 3.6
Gliffy Gliffy 2.1.2
Gliffy Gliffy 3.0.3
Gliffy Gliffy
Gliffy Gliffy 2.0.0
534
VMScore
CVE-2019-13347
An issue exists in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 up to and including 3.2.2 for Jira and Confluence, versions 2.4.0 up to and including 3.0.3 for Bitbucket, and versions 2.4.0 up to and including 2.5.2 for Bamboo. It a...
Atlassian Saml Single Sign On
534
VMScore
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
516
VMScore
CVE-2019-15006
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Se...
Atlassian Confluence
Atlassian Confluence Server
1 Article
490
VMScore
CVE-2017-9513
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated malicious users to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do ...
Atlassian Activity Streams
446
VMScore
CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote malicious users to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 prior to 7.12.3.
Atlassian Confluence Server
Atlassian Confluence Data Center
4 Github repositories
445
VMScore
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 prior to 7.4.6, and from 7.5.0 prior to 7.8.3 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF dir...
Atlassian Confluence Server
Atlassian Confluence Data Center