Atlassian Confluence Data Center
33 CVEs affecting Atlassian Confluence Data Center. Latest disclosed: 2025-10-21. Critical: 4, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-22527 | Critical | 10.0 | 2024-01-16 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected inst… |
CVE-2023-22518 | Critical | 10.0 | 2023-10-31 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthent… |
CVE-2023-22515 | Critical | 10.0 | 2023-10-04 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in… |
CVE-2023-22522 | Critical | 9.0 | 2023-12-06 | This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page… |
CVE-2024-21674 | High | 8.6 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE… |
CVE-2024-21678 | High | 8.5 | 2024-02-20 | This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8… |
CVE-2023-22508 | High | 8.5 | 2023-07-18 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This R… |
CVE-2024-21677 | High | 8.3 | 2024-03-19 | This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Scor… |
CVE-2024-21672 | High | 8.3 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE)… |
CVE-2024-21673 | High | 8.0 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RC… |
CVE-2023-22505 | High | 8.0 | 2023-07-18 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This… |
CVE-2023-22512 | High | 7.5 | 2025-03-17 | This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this v… |
CVE-2024-21686 | High | 7.3 | 2024-07-16 | This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS S… |
CVE-2024-21683 | High | 7.2 | 2024-05-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Executi… |
CVE-2023-22526 | High | 7.2 | 2024-01-16 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vu… |
CVE-2024-21690 | High | 7.1 | 2024-08-21 | This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4… |
CVE-2023-22503 | Medium | 5.3 | 2023-05-01 | Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Conf… |
CVE-2023-22504 | Medium | 4.3 | 2023-05-25 | Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments v… |
CVE-2025-22166 | | 2025-10-21 | This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability… | |
CVE-2024-21703 | | 2024-11-27 | This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. … |