Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence data center vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local malicious users to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence...
Atlassian Confluence Server
Atlassian Confluence Data Center
7.5
CVSSv3
CVE-2024-21674
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unau...
Atlassian Confluence Data Center
Atlassian Confluence Server
7.5
CVSSv3
CVE-2022-42977
The Netic User Export add-on prior to 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be ...
Atlassian Confluence Data Center
7.5
CVSSv3
CVE-2022-42978
In the Netic User Export add-on prior to 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
Atlassian Confluence Data Center
6.5
CVSSv3
CVE-2020-29450
Affected versions of Atlassian Confluence Server and Data Center allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
Atlassian Confluence Server
Atlassian Confluence Data Center
6.5
CVSSv3
CVE-2019-15006
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Se...
Atlassian Confluence
Atlassian Confluence Server
1 Article
6.5
CVSSv3
CVE-2018-20237
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Atlassian Confluence Server
Atlassian Confluence Data Center
6.1
CVSSv3
CVE-2023-52240
The Kantega SAML SSO OIDC Kerberos Single Sign-on apps prior to 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 up to and including 4.14.8 prior to 4.14.9, 5.0.0 up to and including 5.11.4 prior to 5.11.5, and 6.0.0 up to and including ...
Kantega-sso Kantega Saml Sso Oidc Kerberos Single Sign-on
5.4
CVSSv3
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 prior to 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site sc...
Atlassian Confluence Server
Atlassian Confluence Data Center
5.4
CVSSv3
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server prior to 7.11.0 allow malicious users to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
Atlassian Confluence Server
Atlassian Confluence Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »