Skip to main content

Confluence Server

31 CVEs product

Monthly

CVE-2024-21703 MEDIUM This Month

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. Rated medium severity (CVSS 6.4). No vendor patch available.

Atlassian Information Disclosure Microsoft Confluence Data Center Confluence Server
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-21690 HIGH This Week

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-21686 HIGH This Week

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2024-21683 HIGH POC THREAT Act Now

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server +5
NVD
CVSS 3.1
8.8
EPSS
88.3%
CVE-2024-21677 HIGH This Week

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-21678 HIGH This Week

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-21674 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-21673 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-21672 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-22522 HIGH This Week

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
12.8%
CVE-2023-22518 CRITICAL POC KEV THREAT Emergency

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-22508 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-22505 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-22504 MEDIUM This Month

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Atlassian Confluence Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22503 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-26137 HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo Bitbucket Confluence Data Center +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-26136 CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS Bamboo Bitbucket +9
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-26134 CRITICAL POC KEV PATCH THREAT Act Now

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Atlassian Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-26085 MEDIUM POC KEV THREAT This Month

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.9%
CVE-2021-26072 MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center Confluence Server
NVD
CVSS 3.1
4.3
EPSS
38.8%
CVE-2020-14175 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-4027 MEDIUM PATCH This Month

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Confluence Confluence Server
NVD
CVSS 3.1
4.7
EPSS
1.5%
CVE-2019-15006 MEDIUM PATCH This Month

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Confluence Confluence Server
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-3394 HIGH PATCH This Week

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Atlassian Path Traversal Confluence Confluence Server
NVD
CVSS 3.0
8.8
EPSS
11.4%
CVE-2019-3398 HIGH POC KEV PATCH THREAT This Week

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Atlassian Path Traversal RCE Confluence Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
97.2%
CVE-2019-3395 CRITICAL PATCH Act Now

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Confluence Server
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2017-7415 HIGH POC This Week

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Server
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-6668 HIGH This Week

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Confluence Server Jira Integration For Hipchat
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2012-6342 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian CSRF Confluence Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-2928 MEDIUM This Month

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Atlassian Jira Gliffy +1
NVD
CVSS 2.0
6.4
EPSS
1.9%
CVE-2012-2926 CRITICAL POC PATCH THREAT Act Now

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Denial Of Service Atlassian Bamboo Confluence Confluence Server +4
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
67.6%
Threat
5.3
EPSS 0% CVSS 6.4
MEDIUM This Month

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. Rated medium severity (CVSS 6.4). No vendor patch available.

Atlassian Information Disclosure Microsoft +2
NVD
EPSS 1% CVSS 8.2
HIGH This Week

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Atlassian +2
NVD
EPSS 1% CVSS 8.7
HIGH This Week

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center +1
NVD
EPSS 88% CVSS 8.8
HIGH POC THREAT Act Now

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Atlassian Confluence Data Center +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +2
NVD
EPSS 13% CVSS 8.8
HIGH This Week

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Confluence Data Center +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Atlassian Confluence Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo +10
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS +11
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Atlassian Confluence Data Center +1
NVD Exploit-DB
EPSS 100% CVSS 5.3
MEDIUM POC KEV THREAT This Month

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Data Center +1
NVD Exploit-DB
EPSS 39% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center +1
NVD
EPSS 2% CVSS 4.7
MEDIUM PATCH This Month

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Confluence +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Confluence +1
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Atlassian Path Traversal Confluence +1
NVD
EPSS 97% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Atlassian Path Traversal RCE +1
NVD Exploit-DB
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Confluence Server +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian CSRF Confluence Server
NVD
EPSS 2% CVSS 6.4
MEDIUM This Month

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Atlassian +3
NVD
EPSS 68% 5.3 CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Denial Of Service Atlassian Bamboo +6
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy