Atlassian Confluence Data Center

36 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-22166
>= 8.5.0 and < 8.5.25
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Den
7.5 HIGH
CVE-2024-21703
< 7.19.18
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server
6.4 MEDIUM
CVE-2024-21690
>= 7.19.0 and <= 7.19.25
This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.
8.2 HIGH
CVE-2024-21686
< 7.19.22
This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS
8.7 HIGH
CVE-2024-21683
>= 7.20.0 and <= 7.20.3
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
8.8 HIGH
CVE-2024-21677
>= 6.13.0 and < 7.19.20
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vu
8.8 HIGH
CVE-2024-21678
< 7.19.19
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerab
8.5 HIGH
CVE-2023-22512
>= 5.6 and < 7.19.14
This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. Wit
7.5 HIGH
CVE-2024-21674
>= 7.19.0 and < 7.19.18
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server
7.5 HIGH
CVE-2024-21673
>= 7.19.0 and < 7.19.18
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Serve
8.8 HIGH
CVE-2024-21672
>= 7.19.0 and < 7.19.18
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server.
8.8 HIGH
CVE-2023-22527
>= 8.0.0 and < 8.5.4
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to ac
9.8 CRITICAL
CVE-2023-22526
>= 7.19.0 and < 7.19.17
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This R
8.8 HIGH
CVE-2023-22522
>= 4.0 and < 7.19.17
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user
8.8 HIGH
CVE-2023-22518
>= 1.0 and < 7.19.16
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vuln
9.8 CRITICAL
CVE-2023-22515
>= 8.0.0 and < 8.3.3
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previou
9.8 CRITICAL
CVE-2023-22508
>= 6.1.0 and < 7.13.20
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence
8.8 HIGH
CVE-2023-22505
>= 8.0.0 and < 8.3.2
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence
8.8 HIGH
CVE-2023-22503
< 7.13.15
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments
5.3 MEDIUM
CVE-2022-42978
< 1.3.5
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker co
7.5 HIGH
CVE-2022-42977
< 1.3.5
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the applic
7.5 HIGH
CVE-2020-36290
< 7.4.5
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version
5.4 MEDIUM
CVE-2022-26137
< 7.4.17
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be
8.8 HIGH
CVE-2022-26136
< 7.4.17
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a
9.8 CRITICAL
CVE-2022-26134
>= 1.3 and < 7.4.17
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica
9.8 CRITICAL
CVE-2021-39114
< 6.13.23
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center inst
8.8 HIGH
CVE-2021-43940
< 7.4.10
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privilege
7.8 HIGH
CVE-2021-26084
< 6.13.23
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica
9.8 CRITICAL
CVE-2021-26085
< 7.4.10
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbit
5.3 MEDIUM
CVE-2020-29444
< 7.11.0
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a
5.4 MEDIUM
CVE-2021-26072
< 5.8.6
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipu
4.3 MEDIUM
CVE-2020-29448
< 6.13.18
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.
5.3 MEDIUM
CVE-2020-29450
< 7.2.0
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability v
6.5 MEDIUM
CVE-2020-14175
< 7.4.2
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via
5.4 MEDIUM
CVE-2018-20239
< 6.15.2
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 bef
5.4 MEDIUM
CVE-2018-20237
< 6.13.1
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the
6.5 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin