Skip to main content

Confluence Data Center

22 CVEs product

Monthly

CVE-2024-21703 MEDIUM This Month

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. Rated medium severity (CVSS 6.4). No vendor patch available.

Atlassian Information Disclosure Microsoft Confluence Data Center Confluence Server
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-21690 HIGH This Week

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-21686 HIGH This Week

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2024-21683 HIGH POC THREAT Act Now

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server +5
NVD
CVSS 3.1
8.8
EPSS
88.3%
CVE-2024-21677 HIGH This Week

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-21678 HIGH This Week

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-21674 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-21673 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-21672 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-22522 HIGH This Week

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
12.8%
CVE-2023-22518 CRITICAL POC KEV THREAT Emergency

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-22508 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-22505 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-22503 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-42978 HIGH POC This Week

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42977 HIGH POC This Week

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Confluence Data Center
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-26137 HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo Bitbucket Confluence Data Center +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-26136 CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS Bamboo Bitbucket +9
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-26134 CRITICAL POC KEV PATCH THREAT Act Now

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Atlassian Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-26085 MEDIUM POC KEV THREAT This Month

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.9%
CVE-2021-26072 MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center Confluence Server
NVD
CVSS 3.1
4.3
EPSS
38.8%
CVE-2020-14175 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.4
EPSS
1.2%
EPSS 0% CVSS 6.4
MEDIUM This Month

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. Rated medium severity (CVSS 6.4). No vendor patch available.

Atlassian Information Disclosure Microsoft +2
NVD
EPSS 1% CVSS 8.2
HIGH This Week

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Atlassian +2
NVD
EPSS 1% CVSS 8.7
HIGH This Week

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center +1
NVD
EPSS 88% CVSS 8.8
HIGH POC THREAT Act Now

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Atlassian Confluence Data Center +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +2
NVD
EPSS 13% CVSS 8.8
HIGH This Week

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Confluence Data Center +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Confluence Data Center +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Confluence Data Center
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo +10
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS +11
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Atlassian Confluence Data Center +1
NVD Exploit-DB
EPSS 100% CVSS 5.3
MEDIUM POC KEV THREAT This Month

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Data Center +1
NVD Exploit-DB
EPSS 39% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy