
atlassian confluence server

49 known vulnerabilities across versions
Entries are listed by affected version range with their CVSS base score and severity; each summary is an excerpt of the full advisory briefing. Two caveats when using the ranges below. Only one range is shown per CVE, so where an advisory covers several release branches (for example CVE-2020-36290, CVE-2019-3396 and CVE-2019-3395) the other branches appear only in the summary text. And a range of "all versions" should be read against the summary, which in several cases names a narrower set (CVE-2017-7415 applies to 6.x before 6.0.7; CVE-2016-6668 to specific Hipchat Integration Plugin builds), so treat it as "check the summary" rather than as a statement that every release is affected.
CVE-2025-22166 (affected: >= 8.5.0 and < 8.5.25; CVSS 7.5, High)
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Den

CVE-2024-21703 (affected: < 7.19.18; CVSS 6.4, Medium)
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server

CVE-2024-21690 (affected: >= 7.19.0 and <= 7.19.25; CVSS 8.2, High)
This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.

CVE-2024-21686 (affected: < 7.19.22; CVSS 8.7, High)
This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS

CVE-2024-21683 (affected: >= 7.20.0 and <= 7.20.3; CVSS 8.8, High)
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.

CVE-2024-21677 (affected: >= 6.13.0 and < 7.19.20; CVSS 8.8, High)
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vu

CVE-2024-21678 (affected: < 7.19.19; CVSS 8.5, High)
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerab

CVE-2023-22512 (affected: >= 5.6 and < 7.19.14; CVSS 7.5, High)
This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. Wit

CVE-2024-21674 (affected: >= 7.19 and < 7.19.18; CVSS 7.5, High)
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server

CVE-2024-21673 (affected: >= 7.19 and < 7.19.18; CVSS 8.8, High)
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Serve

CVE-2024-21672 (affected: >= 7.19 and < 7.19.18; CVSS 8.8, High)
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server.

CVE-2023-22527 (affected: >= 8.0.0 and < 8.5.4; CVSS 9.8, Critical)
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to ac

CVE-2023-22526 (affected: >= 7.19 and < 7.19.17; CVSS 8.8, High)
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This R

CVE-2023-22522 (affected: >= 4.0 and < 7.19.17; CVSS 8.8, High)
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user

CVE-2023-22518 (affected: >= 1.0 and < 7.19.16; CVSS 9.8, Critical)
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vuln

CVE-2023-22515 (affected: >= 8.0.0 and < 8.3.3; CVSS 9.8, Critical)
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previou

CVE-2023-22508 (affected: >= 6.1.0 and < 7.13.20; CVSS 8.8, High)
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence

CVE-2023-22505 (affected: >= 8.0.0 and < 8.3.2; CVSS 8.8, High)
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence

CVE-2023-22504 (affected: < 7.13.17; CVSS 6.5, Medium)
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permiss

CVE-2023-22503 (affected: < 7.13.15; CVSS 5.3, Medium)
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments

CVE-2020-36290 (affected: < 7.4.5; CVSS 5.4, Medium)
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version

CVE-2022-26137 (affected: < 7.4.17; CVSS 8.8, High)
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be

CVE-2022-26136 (affected: < 7.4.17; CVSS 9.8, Critical)
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a

CVE-2022-26134 (affected: >= 1.3 and < 7.4.17; CVSS 9.8, Critical)
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica

CVE-2021-39114 (affected: < 6.13.23; CVSS 8.8, High)
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center inst

CVE-2021-43940 (affected: < 7.4.10; CVSS 7.8, High)
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privilege

CVE-2021-26084 (affected: < 6.13.23; CVSS 9.8, Critical)
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica

CVE-2021-26085 (affected: < 7.4.10; CVSS 5.3, Medium)
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbit

CVE-2020-29445 (affected: < 7.4.8; CVSS 4.3, Medium)
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal ho

CVE-2020-29444 (affected: < 7.11.0; CVSS 5.4, Medium)
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a

CVE-2021-26072 (affected: < 5.8.6; CVSS 4.3, Medium)
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipu

CVE-2020-29448 (affected: < 6.13.18; CVSS 5.3, Medium)
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.

CVE-2020-29450 (affected: < 7.2.0; CVSS 6.5, Medium)
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability v

CVE-2020-14175 (affected: < 7.4.2; CVSS 5.4, Medium)
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via

CVE-2020-4027 (affected: >= 7.5.0 and < 7.5.1; CVSS 4.7, Medium)
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions t

CVE-2019-20102 (affected: >= 6.14.0 and <= 6.14.3; CVSS 6.1, Medium)
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 bef

CVE-2019-20406 (affected: all versions; CVSS 7.8, High)
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before ve

CVE-2019-15006 (affected: >= 6.14.0 and < 6.15.10; CVSS 6.5, Medium)
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence D

CVE-2019-3394 (affected: >= 6.14.0 and < 6.15.8; CVSS 8.8, High)
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker wi

CVE-2018-20239 (affected: < 6.15.2; CVSS 5.4, Medium)
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 bef

CVE-2019-3398 (affected: >= 2.0 and < 6.6.13; CVSS 8.8, High)
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who

CVE-2019-3396 (affected: < 6.6.12; CVSS 9.8, Critical)
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0

CVE-2019-3395 (affected: >= 6.13.0 and < 6.13.3; CVSS 9.8, Critical)
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from versio

CVE-2018-20237 (affected: < 6.13.1; CVSS 6.5, Medium)
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the

CVE-2017-7415 (affected: all versions; CVSS 7.5, High)
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts di

CVE-2016-6668 (affected: all versions; CVSS 7.5, High)
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17;

CVE-2012-6342 (affected: all versions; CVSS not listed)
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack t

CVE-2012-2928 (affected: all versions; CVSS not listed)
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabil

CVE-2012-2926 (affected: >= 4.0 and < 4.0.7; CVSS 9.1, Critical)
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,
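The practical use of a listing like this is answering "which of these apply to the build I am running?". The following is an added example, not threatengine.sh's own code: it parses the range notation used on this page (clauses of the form `>= 8.5.0`, `<= 7.19.25`, `< 7.19.18`, joined by `and`, or the literal `all versions`), compares it against an installed Confluence version with zero-padding so that `7.19` and `7.19.0` are treated as equal, and returns the matching CVEs ordered by CVSS base score. The embedded rows are copied from the listing above; everything else (function names, the version-string handling, the suffix stripping) is this example's own choice. A hit means "inside the range shown on this page", not an exploitability verdict, and "all versions" entries will always match, for the reason given in the caveat at the top.

```python
"""Check an installed Confluence version against the affected-version ranges
listed on this page. Added example; not the site's or Atlassian's code."""
import operator
import re
from collections.abc import Callable

# Comparison operators that appear in the page's range notation.
_OPS: dict[str, Callable[[tuple, tuple], bool]] = {
    ">=": operator.ge, "<=": operator.le, "==": operator.eq,
    ">": operator.gt, "<": operator.lt,
}
# One clause: operator, optional whitespace, dotted numeric version.
_CLAUSE = re.compile(r"^(>=|<=|==|>|<)\s*(\d+(?:\.\d+)*)$")

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.19.17' -> (7, 19, 17); '7.19' -> (7, 19).
    A build suffix such as '8.5.4-rc1' is ignored (assumption: the numeric
    prefix is what Atlassian's ranges are written against)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(a: Version, b: Version) -> tuple[Version, Version]:
    """Right-pad the shorter tuple with zeros so (7, 19) compares as 7.19.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def parse_range(expr: str) -> Callable[[Version], bool]:
    """Turn a range string from the listing into a predicate on versions."""
    expr = expr.strip()
    if expr.lower() == "all versions":
        return lambda v: True
    checks = []
    for clause in expr.split(" and "):
        m = _CLAUSE.match(clause.strip())
        if not m:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        checks.append((_OPS[m.group(1)], parse_version(m.group(2))))

    def matches(v: Version) -> bool:
        return all(op(*_pad(v, bound)) for op, bound in checks)

    return matches


def affected(range_expr: str, installed: str) -> bool:
    """True if the installed version falls inside the listed range."""
    return parse_range(range_expr)(parse_version(installed))


# Rows copied from the listing above: (CVE, affected range, CVSS base score).
LISTING = [
    ("CVE-2025-22166", ">= 8.5.0 and < 8.5.25", 7.5),
    ("CVE-2024-21703", "< 7.19.18", 6.4),
    ("CVE-2024-21690", ">= 7.19.0 and <= 7.19.25", 8.2),
    ("CVE-2023-22527", ">= 8.0.0 and < 8.5.4", 9.8),
    ("CVE-2023-22526", ">= 7.19 and < 7.19.17", 8.8),
    ("CVE-2023-22518", ">= 1.0 and < 7.19.16", 9.8),
    ("CVE-2022-26134", ">= 1.3 and < 7.4.17", 9.8),
    ("CVE-2019-20406", "all versions", 7.8),
]


def exposure(installed: str, listing=LISTING) -> list[tuple[str, float]]:
    """CVEs whose listed range covers the installed version, highest CVSS first."""
    v = parse_version(installed)
    hits = [(cve, score) for cve, rng, score in listing if parse_range(rng)(v)]
    return sorted(hits, key=lambda hit: -hit[1])


if __name__ == "__main__":
    for cve, score in exposure("7.19.17"):
        print(f"{cve}  CVSS {score}")
```

Note that the boundary handling matters: `7.19.17` is outside `>= 7.19 and < 7.19.17` (the fixed release is excluded) but inside `<= 7.19.25`, and a bare `7.19` satisfies `>= 7.19` only because of the zero-padding. When reproducing this against the full page, copy the other rows into `LISTING` verbatim; the parser will raise on any range it does not recognise rather than silently treating it as unaffected.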
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin