Latest Atlassian Confluence Server Vulnerabilities

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8....
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 ...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, al...
Atlassian Confluence Data Center>=7.19.0<7.19.17
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.17
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server
Atlassian Confluence Data Center>=8.0.0<8.5.4
Atlassian Confluence Data Center>=8.7.0<8.7.1
Atlassian Confluence Server>=8.0.0<8.5.4
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
and 2 more
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...
Atlassian Confluence Data Center>=4.0<7.19.17
Atlassian Confluence Data Center>=8.0.0<8.4.5
Atlassian Confluence Data Center>=8.5.0<8.5.4
Atlassian Confluence Data Center>=8.6.0<8.6.2
Atlassian Confluence Data Center=8.7.0
Atlassian Confluence Server>=4.0<7.19.17
and 2 more
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center>=1.0.0<7.19.16
Atlassian Confluence Data Center>=7.20.0<8.3.4
Atlassian Confluence Data Center>=8.4.0<8.4.4
Atlassian Confluence Data Center>=8.5.0<8.5.3
Atlassian Confluence Data Center=8.6.0
Atlassian Confluence Server>=1.0.0<7.19.16
and 5 more
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center>=8.0.0<8.3.3
Atlassian Confluence Data Center>=8.4.0<8.4.3
Atlassian Confluence Data Center>=8.5.0<8.5.2
Atlassian Confluence Server>=8.0.0<8.3.3
Atlassian Confluence Server>=8.4.0<8.4.3
Atlassian Confluence Server>=8.5.0<8.5.2
and 1 more
Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Amd Epyc 7351p Firmware
Amd Epyc 7351p
Amd Epyc 7401p Firmware
Amd Epyc 7401p
and 349 more
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=6.1.0<7.13.20
Atlassian Confluence Data Center>=7.14.0<7.19.8
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server>=6.1.0<7.13.20
Atlassian Confluence Server>=7.14.0<7.19.8
Atlassian Confluence Server>=7.20.0<8.2.0
and 2 more
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=8.0.0<8.3.2
Atlassian Confluence Server>=8.0.0<8.3.2
ThinuTech ThinuCMS author_posts.php cross site scripting
Thinutech Thinu-cms=1.5
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
and 20 more
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability ...
Atlassian Confluence Server<7.13.17
Atlassian Confluence Server>=7.14.0<7.19.9
Atlassian Confluence Server>=7.20.0<8.2.2
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informat...
Atlassian Confluence Data Center<7.13.15
Atlassian Confluence Data Center>=7.14.0<7.19.7
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server<7.13.15
Atlassian Confluence Server>=7.14.0<7.19.7
Atlassian Confluence Server>=7.20.0<8.2.0
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to ...
Atlassian Confluence Data Center<7.4.5
Atlassian Confluence Data Center>=7.5.0<7.6.3
Atlassian Confluence Data Center>=7.7.0<7.7.4
Atlassian Confluence Server<7.4.5
Atlassian Confluence Server>=7.5.0<7.6.3
Atlassian Confluence Server>=7.7.0<7.7.4
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian Questions For Confluence=2.7.34
Atlassian Questions For Confluence=2.7.35
Atlassian Questions For Confluence=3.0.2
Atlassian Confluence Data Center
Atlassian Confluence Server
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Atlassian Confluence Data Center>=1.3<7.4.17
Atlassian Confluence Data Center>=7.13.0<7.13.7
Atlassian Confluence Data Center>=7.14.0<7.14.3
Atlassian Confluence Data Center>=7.15.0<7.15.2
Atlassian Confluence Data Center>=7.16.0<7.16.4
and 9 more
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b...
Atlassian Confluence Data Center<6.13.23
Atlassian Confluence Data Center>=6.14.0<7.4.11
Atlassian Confluence Data Center>=7.5.0<7.11.6
Atlassian Confluence Data Center>=7.12.0<7.12.5
Atlassian Confluence Server<6.13.23
Atlassian Confluence Server>=6.14.0<7.4.11
and 2 more
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflue...
Atlassian Confluence Data Center<7.4.10
Atlassian Confluence Data Center>=7.5.0<7.12.3
Atlassian Confluence Server<7.4.10
Atlassian Confluence Server>=7.5.0<7.12.3
Microsoft Windows
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
Atlassian Confluence Data Center<6.13.23
Atlassian Confluence Data Center>=6.14.0<7.4.11
Atlassian Confluence Data Center>=7.5.0<7.11.6
Atlassian Confluence Data Center>=7.12.0<7.12.5
Atlassian Confluence Server<6.13.23
Atlassian Confluence Server>=6.14.0<7.4.11
and 3 more
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Atlassian Confluence Data Center<7.4.10
Atlassian Confluence Data Center>=7.5.0<7.12.3
Atlassian Confluence Server<7.4.10
Atlassian Confluence Server>=7.5.0<7.12.3
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or JavaScript via a Cross Site Scripting Vulnerability in admin global setting parameters...
Atlassian Confluence Data Center<7.11.0
Atlassian Confluence Server<7.11.0
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in...
Atlassian Confluence Server<7.4.8
Atlassian Confluence Server>=7.5.0<7.11.0
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side...
Atlassian Confluence Data Center<5.8.6
Atlassian Confluence Server<5.8.6
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated re...
Atlassian Confluence Data Center<6.13.18
Atlassian Confluence Data Center>=6.14.0<7.4.6
Atlassian Confluence Data Center>=7.5.0<7.8.3
Atlassian Confluence Server<6.13.18
Atlassian Confluence Server>=6.14.0<7.4.6
Atlassian Confluence Server>=7.5.0<7.8.3
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload featur...
Atlassian Confluence Data Center<7.2.0
Atlassian Confluence Server<7.2.0
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. ...
Atlassian Confluence Data Center<7.4.2
Atlassian Confluence Data Center>=7.5.0<7.5.2
Atlassian Confluence Server<7.4.2
Atlassian Confluence Server>=7.5.0<7.5.2
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-sit...
Atlassian Confluence Server>=6.14.0<=6.14.3
Atlassian Confluence Server>=6.15.0<6.15.5
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write...
Atlassian Confluence<7.0.5
Atlassian Confluence Server=7.1.0
Microsoft Windows
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly, making it vulnerable to XML external entity (XXE). This vulnerability is similar to ...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the ...
Atlassian Confluence>=6.11.0<6.13.10
Atlassian Confluence Server>=6.14.0<6.15.10
Atlassian Confluence Server>=7.0.1<7.0.5
Atlassian Confluence Server>=7.1.0<7.1.2
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read ...
Atlassian Confluence>=6.1.0<6.6.16
Atlassian Confluence>=6.7.0<6.13.7
Atlassian Confluence Server>=6.14.0<6.15.8
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attacker...
Atlassian Application Links<5.0.11
Atlassian Application Links>=5.1.0<5.2.10
Atlassian Application Links>=5.3.0<5.3.6
Atlassian Application Links>=5.4.0<5.4.12
Atlassian Application Links>=6.0.0<6.0.4
Atlassian Confluence Data Center<6.15.2
and 8 more
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Atlassian Confluence>=2.0.0<6.6.13
Atlassian Confluence>=6.7.0<6.12.4
Atlassian Confluence Server>=6.13.0<6.13.4
Atlassian Confluence Server>=6.14.0<6.14.3
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6...
Atlassian Confluence<6.6.12
Atlassian Confluence>=6.7.0<6.12.3
Atlassian Confluence Server>=6.13.0<6.13.3
Atlassian Confluence Server>=6.14.0<6.14.2
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Confluence<6.6.12
Atlassian Confluence>=6.7.0<6.12.3
Atlassian Confluence Server>=6.13.0<6.13.3
Atlassian Confluence Server>=6.14.0<6.14.2
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Atlassian Confluence Data Center<6.13.1
Atlassian Confluence Data Center>=6.13.2<6.14.0
Atlassian Confluence Server<6.13.1
Atlassian Confluence Server>=6.13.2<6.14.0

© 2024 SecAlerts Pty Ltd.