Latest atlassian confluence server Vulnerabilities

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, al...
Atlassian Confluence Data Center>=7.19.0<7.19.17
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.17
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8....
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 ...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server
Atlassian Confluence Data Center>=8.0.0<8.5.4
Atlassian Confluence Data Center>=8.7.0<8.7.1
Atlassian Confluence Server>=8.0.0<8.5.4
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
and 2 more
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...
Atlassian Confluence Data Center>=4.0<7.19.17
Atlassian Confluence Data Center>=8.0.0<8.4.5
Atlassian Confluence Data Center>=8.5.0<8.5.4
Atlassian Confluence Data Center>=8.6.0<8.6.2
Atlassian Confluence Data Center=8.7.0
Atlassian Confluence Server>=4.0<7.19.17
and 2 more
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center>=1.0.0<7.19.16
Atlassian Confluence Data Center>=7.20.0<8.3.4
Atlassian Confluence Data Center>=8.4.0<8.4.4
Atlassian Confluence Data Center>=8.5.0<8.5.3
Atlassian Confluence Data Center=8.6.0
Atlassian Confluence Server>=1.0.0<7.19.16
and 5 more
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center>=8.0.0<8.3.3
Atlassian Confluence Data Center>=8.4.0<8.4.3
Atlassian Confluence Data Center>=8.5.0<8.5.2
Atlassian Confluence Server>=8.0.0<8.3.3
Atlassian Confluence Server>=8.4.0<8.4.3
Atlassian Confluence Server>=8.5.0<8.5.2
and 1 more
Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Amd Epyc 7351p Firmware
Amd Epyc 7351p
Amd Epyc 7401p Firmware
Amd Epyc 7401p
and 349 more
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=6.1.0<7.13.20
Atlassian Confluence Data Center>=7.14.0<7.19.8
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server>=6.1.0<7.13.20
Atlassian Confluence Server>=7.14.0<7.19.8
Atlassian Confluence Server>=7.20.0<8.2.0
and 2 more
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=8.0.0<8.3.2
Atlassian Confluence Server>=8.0.0<8.3.2
ThinuTech ThinuCMS author_posts.php cross site scripting
Thinutech Thinu-cms=1.5
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
and 20 more
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability ...
Atlassian Confluence Server<7.13.17
Atlassian Confluence Server>=7.14.0<7.19.9
Atlassian Confluence Server>=7.20.0<8.2.2
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informat...
Atlassian Confluence Data Center<7.13.15
Atlassian Confluence Data Center>=7.14.0<7.19.7
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server<7.13.15
Atlassian Confluence Server>=7.14.0<7.19.7
Atlassian Confluence Server>=7.20.0<8.2.0
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to ...
Atlassian Confluence Data Center<7.4.5
Atlassian Confluence Data Center>=7.5.0<7.6.3
Atlassian Confluence Data Center>=7.7.0<7.7.4
Atlassian Confluence Server<7.4.5
Atlassian Confluence Server>=7.5.0<7.6.3
Atlassian Confluence Server>=7.7.0<7.7.4
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian Questions For Confluence=2.7.34
Atlassian Questions For Confluence=2.7.35
Atlassian Questions For Confluence=3.0.2
Atlassian Confluence Data Center
Atlassian Confluence Server
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Atlassian Confluence Data Center>=1.3<7.4.17
Atlassian Confluence Data Center>=7.13.0<7.13.7
Atlassian Confluence Data Center>=7.14.0<7.14.3
Atlassian Confluence Data Center>=7.15.0<7.15.2
Atlassian Confluence Data Center>=7.16.0<7.16.4
and 9 more
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b...
Atlassian Confluence Data Center<6.13.23
Atlassian Confluence Data Center>=6.14.0<7.4.11
Atlassian Confluence Data Center>=7.5.0<7.11.6
Atlassian Confluence Data Center>=7.12.0<7.12.5
Atlassian Confluence Server<6.13.23
Atlassian Confluence Server>=6.14.0<7.4.11
and 2 more
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflue...
Atlassian Confluence Data Center<7.4.10
Atlassian Confluence Data Center>=7.5.0<7.12.3
Atlassian Confluence Server<7.4.10
Atlassian Confluence Server>=7.5.0<7.12.3
Microsoft Windows
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
Atlassian Confluence Data Center<6.13.23
Atlassian Confluence Data Center>=6.14.0<7.4.11
Atlassian Confluence Data Center>=7.5.0<7.11.6
Atlassian Confluence Data Center>=7.12.0<7.12.5
Atlassian Confluence Server<6.13.23
Atlassian Confluence Server>=6.14.0<7.4.11
and 3 more
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Atlassian Confluence Data Center<7.4.10
Atlassian Confluence Data Center>=7.5.0<7.12.3
Atlassian Confluence Server<7.4.10
Atlassian Confluence Server>=7.5.0<7.12.3
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
Atlassian Confluence Data Center<7.11.0
Atlassian Confluence Server<7.11.0
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in...
Atlassian Confluence Server<7.4.8
Atlassian Confluence Server>=7.5.0<7.11.0
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side...
Atlassian Confluence Data Center<5.8.6
Atlassian Confluence Server<5.8.6
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated re...
Atlassian Confluence Data Center<6.13.18
Atlassian Confluence Data Center>=6.14.0<7.4.6
Atlassian Confluence Data Center>=7.5.0<7.8.3
Atlassian Confluence Server<6.13.18
Atlassian Confluence Server>=6.14.0<7.4.6
Atlassian Confluence Server>=7.5.0<7.8.3
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload featur...
Atlassian Confluence Data Center<7.2.0
Atlassian Confluence Server<7.2.0
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. ...
Atlassian Confluence Data Center<7.4.2
Atlassian Confluence Data Center>=7.5.0<7.5.2
Atlassian Confluence Server<7.4.2
Atlassian Confluence Server>=7.5.0<7.5.2
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-sit...
Atlassian Confluence Server>=6.14.0<=6.14.3
Atlassian Confluence Server>=6.15.0<6.15.5
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write...
Atlassian Confluence<7.0.5
Atlassian Confluence Server=7.1.0
Microsoft Windows
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly making it vulnerable to XML external entity (XXE). This vulnerability is similar to <a href="https:...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the ...
Atlassian Confluence>=6.11.0<6.13.10
Atlassian Confluence Server>=6.14.0<6.15.10
Atlassian Confluence Server>=7.0.1<7.0.5
Atlassian Confluence Server>=7.1.0<7.1.2
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read ...
Atlassian Confluence>=6.1.0<6.6.16
Atlassian Confluence>=6.7.0<6.13.7
Atlassian Confluence Server>=6.14.0<6.15.8
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attacker...
Atlassian Application Links<5.0.11
Atlassian Application Links>=5.1.0<5.2.10
Atlassian Application Links>=5.3.0<5.3.6
Atlassian Application Links>=5.4.0<5.4.12
Atlassian Application Links>=6.0.0<6.0.4
Atlassian Confluence Data Center<6.15.2
and 8 more
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Atlassian Confluence>=2.0.0<6.6.13
Atlassian Confluence>=6.7.0<6.12.4
Atlassian Confluence Server>=6.13.0<6.13.4
Atlassian Confluence Server>=6.14.0<6.14.3
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6...
Atlassian Confluence<6.6.12
Atlassian Confluence>=6.7.0<6.12.3
Atlassian Confluence Server>=6.13.0<6.13.3
Atlassian Confluence Server>=6.14.0<6.14.2
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Confluence<6.6.12
Atlassian Confluence>=6.7.0<6.12.3
Atlassian Confluence Server>=6.13.0<6.13.3
Atlassian Confluence Server>=6.14.0<6.14.2
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Atlassian Confluence Data Center<6.13.1
Atlassian Confluence Data Center>=6.13.2<6.14.0
Atlassian Confluence Server<6.13.1
Atlassian Confluence Server>=6.13.2<6.14.0

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203