Vulnerabilities for 'Confluence server'

2023-12-06
 
CVE-2023-22522

CWE-74
 

 
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

 
2022-04-05
 
CVE-2021-39114

CWE-74
 

 
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

 



Copyright 2024, cxsecurity.com

 
