Atlassian Confluence Server
38 CVEs affecting Atlassian Confluence Server. Latest disclosed: 2025-03-17. Critical: 4, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-22527 | Critical | 10.0 | 2024-01-16 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected inst… |
| CVE-2023-22518 | Critical | 10.0 | 2023-10-31 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthent… |
| CVE-2023-22515 | Critical | 10.0 | 2023-10-04 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in… |
| CVE-2023-22522 | Critical | 9.0 | 2023-12-06 | This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page… |
| CVE-2024-21674 | High | 8.6 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE… |
| CVE-2023-22508 | High | 8.5 | 2023-07-18 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This R… |
| CVE-2024-21672 | High | 8.3 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE)… |
| CVE-2024-21673 | High | 8.0 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RC… |
| CVE-2023-22505 | High | 8.0 | 2023-07-18 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This… |
| CVE-2023-22512 | High | 7.5 | 2025-03-17 | This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this v… |
| CVE-2024-21686 | High | 7.3 | 2024-07-16 | This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS S… |
| CVE-2024-21690 | High | 7.1 | 2024-08-21 | This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4… |
| CVE-2023-22503 | Medium | 5.3 | 2023-05-01 | Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Conf… |
| CVE-2023-22504 | Medium | 4.3 | 2023-05-25 | Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments v… |
| CVE-2017-9505 | Medium | 4.3 | 2017-06-15 | Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comm… |
| CVE-2024-21703 | | | 2024-11-27 | This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. … |
| CVE-2020-36290 | | | 2022-07-26 | The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 al… |
| CVE-2022-26137 | | | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application… |
| CVE-2022-26136 | | | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impa… |
| CVE-2022-26134 | | | 2022-06-03 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbit… |