All the vulnerabilites related to atlassian - confluence_data_center
cve-2023-22522
Vulnerability from cvelistv5
Published
2023-12-06 05:00
Modified
2024-08-02 10:13
Severity ?
9.0 (Critical) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362
https://jira.atlassian.com/browse/CONFSERVER-93502
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 4.0.0
Version: >= 7.20.0
Version: >= 8.0.0
Version: >= 8.6.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-93502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 4.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.20.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.17"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.6.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.1"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 4.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.20.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.17"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.6.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-06T21:00:01.250Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-93502"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22522",
    "datePublished": "2023-12-06T05:00:02.870Z",
    "dateReserved": "2023-01-01T00:01:22.333Z",
    "dateUpdated": "2024-08-02T10:13:48.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26084
Vulnerability from cvelistv5
Published
2021-08-30 06:30
Modified
2024-09-17 02:41
Severity ?
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
References
https://jira.atlassian.com/browse/CONFSERVER-67940x_refsource_MISC
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 6.13.23
Version: 6.14.0   < unspecified
Version: unspecified   < 7.4.11
Version: 7.5.0   < unspecified
Version: unspecified   < 7.11.6
Version: 7.12.0   < unspecified
Version: unspecified   < 7.12.5
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T17:06:12",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-08-10T00:00:00",
          "ID": "CVE-2021-26084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.23"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.23"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-67940",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
            },
            {
              "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2021-26084",
    "datePublished": "2021-08-30T06:30:14.248600Z",
    "dateReserved": "2021-01-25T00:00:00",
    "dateUpdated": "2024-09-17T02:41:26.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22515
Vulnerability from cvelistv5
Published
2023-10-04 14:00
Modified
2024-09-13 18:13
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html
https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515
https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276
https://jira.atlassian.com/browse/CONFSERVER-92475
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 8.0.0
Version: >= 8.0.1
Version: >= 8.0.2
Version: >= 8.0.3
Version: >= 8.1.3
Version: >= 8.1.4
Version: >= 8.2.0
Version: >= 8.2.1
Version: >= 8.2.2
Version: >= 8.2.3
Version: >= 8.3.0
Version: >= 8.3.1
Version: >= 8.3.2
Version: >= 8.4.0
Version: >= 8.4.1
Version: >= 8.4.2
Version: >= 8.5.0
Version: >= 8.5.1
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-92475"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.3.3",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.4.3",
                "status": "affected",
                "version": "8.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.5.2",
                "status": "affected",
                "version": "8.5.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.3.3",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.4.3",
                "status": "affected",
                "version": "8.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.5.2",
                "status": "affected",
                "version": "8.5.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22515",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:17.297744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-05",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22515"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-13T18:13:18.030Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.3.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.2"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.3.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "an Atlassian customer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. \r\n\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. "
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "BASM (Broken Authentication \u0026 Session Management)",
              "lang": "en",
              "type": "BASM (Broken Authentication \u0026 Session Management)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T16:00:01.026Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
        },
        {
          "url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515"
        },
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-92475"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22515",
    "datePublished": "2023-10-04T14:00:00.820Z",
    "dateReserved": "2023-01-01T00:01:22.331Z",
    "dateUpdated": "2024-09-13T18:13:18.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21673
Vulnerability from cvelistv5
Published
2024-01-16 05:00
Modified
2024-10-23 15:24
Severity ?
8.0 (High) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).
References
https://jira.atlassian.com/browse/CONFSERVER-94065
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 7.13.0
Version: >= 7.19.0
Version: >= 8.0.0
Version: >= 8.1.0
Version: >= 8.2.0
Version: >= 8.3.0
Version: >= 8.4.0
Version: >= 8.5.0
Version: >= 8.6.0
Version: >= 8.7.1
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.035Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-94065"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.7.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.7.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-25T05:00:56.340614Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T15:24:02.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.18"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.2"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.18"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "xiaoc"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives )."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T18:00:00.463Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-94065"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21673",
    "datePublished": "2024-01-16T05:00:00.724Z",
    "dateReserved": "2024-01-01T00:05:33.845Z",
    "dateUpdated": "2024-10-23T15:24:02.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22508
Vulnerability from cvelistv5
Published
2023-07-18 23:00
Modified
2024-08-02 10:13
Severity ?
8.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program.
References
https://jira.atlassian.com/browse/CONFSERVER-88221
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 6.1.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.922Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-88221"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 6.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.1.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.8"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.2.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 6.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.1.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.8"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "a private user"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center \u0026 Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center \u0026 Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-28T17:00:01.069Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-88221"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22508",
    "datePublished": "2023-07-18T23:00:00.725Z",
    "dateReserved": "2023-01-01T00:01:22.330Z",
    "dateUpdated": "2024-08-02T10:13:48.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22526
Vulnerability from cvelistv5
Published
2024-01-16 05:00
Modified
2024-08-02 10:13
Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program
References
https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615
https://jira.atlassian.com/browse/CONFSERVER-93516
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-93516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.17"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "m1sn0w"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\r\n\r\nAtlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release\r\n Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\r\n Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\r\n\r\nSee the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).\r\n\r\nThis vulnerability was discovered by m1sn0w and reported via our Bug Bounty program"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T18:00:00.754Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-93516"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22526",
    "datePublished": "2024-01-16T05:00:00.597Z",
    "dateReserved": "2023-01-01T00:01:22.333Z",
    "dateUpdated": "2024-08-02T10:13:48.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22505
Vulnerability from cvelistv5
Published
2023-07-18 21:00
Modified
2024-10-01 16:57
Severity ?
8.0 (High) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] This vulnerability was discovered by a private user and reported via our Bug Bounty program.
References
https://jira.atlassian.com/browse/CONFSERVER-88265
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 8.0.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-88265"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.3.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.3.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T16:34:34.966748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T16:57:28.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.3.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.3.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "a private user"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center \u0026 Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you\u0027re unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).]  You can download the latest version of Confluence Data Center \u0026 Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] \n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-18T21:00:00.968Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-88265"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22505",
    "datePublished": "2023-07-18T21:00:00.968Z",
    "dateReserved": "2023-01-01T00:01:22.329Z",
    "dateUpdated": "2024-10-01T16:57:28.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26085
Vulnerability from cvelistv5
Published
2021-08-03 00:00
Modified
2024-09-17 03:02
Severity ?
Summary
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
References
https://jira.atlassian.com/browse/CONFSERVER-67893x_refsource_MISC
http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 7.4.10
Version: 7.5.0   < unspecified
Version: unspecified   < 7.12.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Pre-Authorization Arbitrary File Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-05T16:06:18",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-07-29T00:00:00",
          "ID": "CVE-2021-26085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Pre-Authorization Arbitrary File Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-67893",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
            },
            {
              "name": "http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2021-26085",
    "datePublished": "2021-08-03T00:00:12.199230Z",
    "dateReserved": "2021-01-25T00:00:00",
    "dateUpdated": "2024-09-17T03:02:09.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26137
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-10-03 17:10
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
References
https://jira.atlassian.com/browse/BAM-21795x_refsource_MISC
https://jira.atlassian.com/browse/BSERV-13370x_refsource_MISC
https://jira.atlassian.com/browse/CONFSERVER-79476x_refsource_MISC
https://jira.atlassian.com/browse/CWD-5815x_refsource_MISC
https://jira.atlassian.com/browse/FE-7410x_refsource_MISC
https://jira.atlassian.com/browse/CRUC-8541x_refsource_MISC
https://jira.atlassian.com/browse/JRASERVER-73897x_refsource_MISC
https://jira.atlassian.com/browse/JSDSERVER-11863x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Bamboo Data Center Version: unspecified   < 8.0.9
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.8
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.4
Atlassian Bitbucket Server Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
Atlassian Bitbucket Data Center Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
Atlassian Confluence Server Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
Atlassian Confluence Data Center Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
Atlassian Crowd Server Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
Atlassian Crowd Data Center Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
Atlassian Crucible Version: unspecified   < 4.8.10
Atlassian Fisheye Version: unspecified   < 4.8.10
Atlassian Jira Core Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
Atlassian Jira Software Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
Atlassian Jira Software Data Center Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
Atlassian Jira Service Management Server Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4
Atlassian Jira Service Management Data Center Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-21795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7410"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bamboo",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.2.10",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.9",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.8",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.8",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.5",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.20.2",
                "status": "affected",
                "version": "7.20.1",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.2",
                "status": "affected",
                "version": "7.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.3.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.4.2",
                "status": "affected",
                "version": "4.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crucible",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fisheye",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T16:48:52.174175Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T17:10:16.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bamboo Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bamboo Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Crowd Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crowd Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crucible",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Fisheye",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:23",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-21795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7410"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bamboo Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bamboo Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crucible",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fisheye",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BAM-21795",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13370",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5815",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7410",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8541",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26137",
    "datePublished": "2022-07-20T17:25:23.603830Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T17:10:16.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-29448
Vulnerability from cvelistv5
Published
2021-02-18 15:08
Modified
2024-09-17 02:31
Severity ?
Summary
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
References
https://jira.atlassian.com/browse/CONFSERVER-60469x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 6.13.18
Version: 6.14.0   < unspecified
Version: unspecified   < 7.4.6
Version: 7.5.0   < unspecified
Version: unspecified   < 7.8.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:09.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-18T15:08:59",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-11-10T12:03:00",
          "ID": "CVE-2020-29448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-60469",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-29448",
    "datePublished": "2021-02-18T15:08:59.028136Z",
    "dateReserved": "2020-12-01T00:00:00",
    "dateUpdated": "2024-09-17T02:31:11.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26136
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-10-03 16:43
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
References
https://jira.atlassian.com/browse/BAM-21795x_refsource_MISC
https://jira.atlassian.com/browse/BSERV-13370x_refsource_MISC
https://jira.atlassian.com/browse/CONFSERVER-79476x_refsource_MISC
https://jira.atlassian.com/browse/CWD-5815x_refsource_MISC
https://jira.atlassian.com/browse/FE-7410x_refsource_MISC
https://jira.atlassian.com/browse/CRUC-8541x_refsource_MISC
https://jira.atlassian.com/browse/JRASERVER-73897x_refsource_MISC
https://jira.atlassian.com/browse/JSDSERVER-11863x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Bamboo Data Center Version: unspecified   < 8.0.9
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.8
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.4
Atlassian Bitbucket Server Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
Atlassian Bitbucket Data Center Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
Atlassian Confluence Server Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
Atlassian Confluence Data Center Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
Atlassian Crowd Server Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
Atlassian Crowd Data Center Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
Atlassian Crucible Version: unspecified   < 4.8.10
Atlassian Fisheye Version: unspecified   < 4.8.10
Atlassian Jira Core Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
Atlassian Jira Software Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
Atlassian Jira Software Data Center Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
Atlassian Jira Service Management Server Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4
Atlassian Jira Service Management Data Center Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-21795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7410"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bamboo",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.2.10",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.9",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.8",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.8",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.5",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.20.2",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.2",
                "status": "affected",
                "version": "7.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.0"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.3.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.4.2",
                "status": "affected",
                "version": "4.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crucible",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fisheye",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T15:26:49.090400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T16:43:16.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bamboo Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bamboo Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Crowd Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crowd Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crucible",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Fisheye",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:18",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-21795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7410"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bamboo Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bamboo Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crucible",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fisheye",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BAM-21795",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13370",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5815",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7410",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8541",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26136",
    "datePublished": "2022-07-20T17:25:18.803466Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T16:43:16.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21674
Vulnerability from cvelistv5
Published
2024-01-16 05:00
Modified
2024-08-29 14:38
Severity ?
8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).
References
https://jira.atlassian.com/browse/CONFSERVER-94066
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 7.19.0
Version: >= 8.0.0
Version: >= 8.1.0
Version: >= 8.2.0
Version: >= 8.3.0
Version: >= 8.4.0
Version: >= 8.5.0
Version: >= 8.6.0
Version: >= 8.7.1
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-94066"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21674",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T14:37:34.659948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:38:32.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.18"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.2"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.18"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "DDV_UA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives )."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T17:00:02.134Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-94066"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21674",
    "datePublished": "2024-01-16T05:00:00.639Z",
    "dateReserved": "2024-01-01T00:05:33.845Z",
    "dateUpdated": "2024-08-29T14:38:32.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-43940
Vulnerability from cvelistv5
Published
2022-02-15 03:15
Modified
2024-10-08 16:38
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
References
https://jira.atlassian.com/browse/CONFSERVER-66550x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 7.4.10
Version: 7.5.0   < unspecified
Version: unspecified   < 7.12.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.12.3",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.12.3",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-43940",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T16:35:44.027223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T16:38:51.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path Element (CWE-427)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-07T00:25:08",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-11-26T00:00:00",
          "ID": "CVE-2021-43940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled Search Path Element (CWE-427)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-66550",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2021-43940",
    "datePublished": "2022-02-15T03:15:09.899432Z",
    "dateReserved": "2021-11-16T00:00:00",
    "dateUpdated": "2024-10-08T16:38:51.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20237
Vulnerability from cvelistv5
Published
2019-02-13 18:00
Modified
2024-09-16 21:02
Severity ?
Summary
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
References
https://jira.atlassian.com/browse/CONFSERVER-57814x_refsource_CONFIRM
http://www.securityfocus.com/bid/107041vdb-entry, x_refsource_BID
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 6.13.1
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:58:18.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
          },
          {
            "name": "107041",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107041"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Indirect Object Reference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T19:07:04",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
        },
        {
          "name": "107041",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107041"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-02-07T00:00:00",
          "ID": "CVE-2018-20237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Indirect Object Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-57814",
              "refsource": "CONFIRM",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
            },
            {
              "name": "107041",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107041"
            },
            {
              "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/",
              "refsource": "MISC",
              "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2018-20237",
    "datePublished": "2019-02-13T18:00:00Z",
    "dateReserved": "2018-12-19T00:00:00",
    "dateUpdated": "2024-09-16T21:02:16.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26072
Vulnerability from cvelistv5
Published
2021-04-01 18:10
Modified
2024-09-17 01:40
Severity ?
Summary
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
References
https://jira.atlassian.com/browse/CONFSERVER-61399x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 5.8.6
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "5.8.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "5.8.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-01T18:10:35",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-04-01T00:00:00",
          "ID": "CVE-2021-26072",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.8.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.8.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server Side Request Forgery (SSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-61399",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2021-26072",
    "datePublished": "2021-04-01T18:10:35.728227Z",
    "dateReserved": "2021-01-25T00:00:00",
    "dateUpdated": "2024-09-17T01:40:50.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-29450
Vulnerability from cvelistv5
Published
2021-01-19 00:30
Modified
2024-09-16 17:49
Severity ?
Summary
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
References
https://jira.atlassian.com/browse/CONFSERVER-60854x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:09.661Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-60854"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-19T00:30:14",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-60854"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-01-07T00:00:00",
          "ID": "CVE-2020-29450",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-60854",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-60854"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-29450",
    "datePublished": "2021-01-19T00:30:14.158347Z",
    "dateReserved": "2020-12-01T00:00:00",
    "dateUpdated": "2024-09-16T17:49:14.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20239
Vulnerability from cvelistv5
Published
2019-04-30 15:28
Modified
2024-09-16 20:01
Severity ?
Summary
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.
References
https://ecosystem.atlassian.net/browse/APL-1373x_refsource_MISC
https://jira.atlassian.com/browse/CRUC-8379x_refsource_MISC
https://jira.atlassian.com/browse/FE-7161x_refsource_MISC
https://jira.atlassian.com/browse/CONFSERVER-58208x_refsource_MISC
https://jira.atlassian.com/browse/CWD-5362x_refsource_MISC
https://jira.atlassian.com/browse/JRASERVER-68855x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:58:18.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ecosystem.atlassian.net/browse/APL-1373"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8379"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7161"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-58208"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5362"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-68855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Atlassian Application Links",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "5.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.4.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-29T20:20:19",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ecosystem.atlassian.net/browse/APL-1373"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8379"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7161"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-58208"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5362"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-68855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-04-29T00:00:00",
          "ID": "CVE-2018-20239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Atlassian Application Links",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.2.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.4.12"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ecosystem.atlassian.net/browse/APL-1373",
              "refsource": "MISC",
              "url": "https://ecosystem.atlassian.net/browse/APL-1373"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8379",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8379"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7161",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7161"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-58208",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-58208"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5362",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5362"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-68855",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-68855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2018-20239",
    "datePublished": "2019-04-30T15:28:27.775475Z",
    "dateReserved": "2018-12-19T00:00:00",
    "dateUpdated": "2024-09-16T20:01:43.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42978
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
References
https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-15T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42978",
    "datePublished": "2022-11-15T00:00:00",
    "dateReserved": "2022-10-17T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26134
Vulnerability from cvelistv5
Published
2022-06-03 21:51
Modified
2024-09-16 18:55
Severity ?
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
References
https://jira.atlassian.com/browse/CONFSERVER-79016x_refsource_MISC
http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.htmlx_refsource_MISC
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.htmlx_refsource_MISC
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlx_refsource_MISC
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: next of 1.3.0   < unspecified
Version: unspecified   < 7.4.17
Version: 7.13.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0   < unspecified
Version: unspecified   < 7.18.1
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79016"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "next of 1.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.18.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "next of 1.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.18.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-30T05:20:13",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79016"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-05-31T20:00:00",
          "ID": "CVE-2022-26134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_value": "1.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.18.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_value": "1.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.18.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79016",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79016"
            },
            {
              "name": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
            },
            {
              "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26134",
    "datePublished": "2022-06-03T21:51:57.134389Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-09-16T18:55:17.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14175
Vulnerability from cvelistv5
Published
2020-07-24 07:05
Modified
2024-09-16 20:58
Severity ?
Summary
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
References
https://jira.atlassian.com/browse/CONFSERVER-60102x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-60102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-07-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored Cross-Site Scripting (SXSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-24T07:05:16",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-60102"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-07-24T00:00:00",
          "ID": "CVE-2020-14175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored Cross-Site Scripting (SXSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-60102",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-60102"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-14175",
    "datePublished": "2020-07-24T07:05:16.144536Z",
    "dateReserved": "2020-06-16T00:00:00",
    "dateUpdated": "2024-09-16T20:58:53.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26138
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-09-17 00:26
Severity ?
Summary
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
References
https://jira.atlassian.com/browse/CONFSERVER-79483x_refsource_MISC
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Questions For Confluence",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "2.7.34"
            },
            {
              "status": "affected",
              "version": "2.7.35"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of Hard-coded Credentials (CWE-798)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:26",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26138",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Questions For Confluence",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.7.34"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.7.35"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of Hard-coded Credentials (CWE-798)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79483",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"
            },
            {
              "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26138",
    "datePublished": "2022-07-20T17:25:26.913198Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-09-17T00:26:51.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42977
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.
References
https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-15T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42977",
    "datePublished": "2022-11-15T00:00:00",
    "dateReserved": "2022-10-17T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22518
Vulnerability from cvelistv5
Published
2023-10-31 14:30
Modified
2024-08-02 10:13
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907
https://jira.atlassian.com/browse/CONFSERVER-93142
http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 1.0.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-93142"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 1.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.16"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.3.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.6.1"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 1.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.16"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.3.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.4.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.6.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "-"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to\u00a0Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.\u00a0\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authorization",
              "lang": "en",
              "type": "Improper Authorization"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-07T01:30:00.521Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-93142"
        },
        {
          "url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22518",
    "datePublished": "2023-10-31T14:30:00.418Z",
    "dateReserved": "2023-01-01T00:01:22.332Z",
    "dateUpdated": "2024-08-02T10:13:48.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22527
Vulnerability from cvelistv5
Published
2024-01-16 05:00
Modified
2024-08-19 07:47
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
References
https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615
https://jira.atlassian.com/browse/CONFSERVER-93833
http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 8.0.0
Version: >= 8.1.0
Version: >= 8.2.0
Version: >= 8.3.0
Version: >= 8.4.0
Version: >= 8.5.0
Version: >= 8.5.1
Version: >= 8.5.2
Version: >= 8.5.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:8.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.5.4",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:8.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.5.4",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22527",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T05:00:58.661097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-01-24",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22527"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-74",
                "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:26:49.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-01-24T00:00:00+00:00",
            "value": "CVE-2023-22527 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:47:54.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-93833"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.1"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.3"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.6.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Petrus Viet"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\n\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian\u2019s January Security Bulletin."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T19:30:00.876Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-93833"
        },
        {
          "url": "http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22527",
    "datePublished": "2024-01-16T05:00:00.692Z",
    "dateReserved": "2023-01-01T00:01:22.333Z",
    "dateUpdated": "2024-08-19T07:47:54.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36290
Vulnerability from cvelistv5
Published
2022-07-26 04:05
Modified
2024-10-03 18:36
Severity ?
Summary
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
References
https://jira.atlassian.com/browse/CONFSERVER-60118x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 7.4.5
Version: 7.5.0   < unspecified
Version: unspecified   < 7.6.3
Version: 7.7.0   < unspecified
Version: unspecified   < 7.7.4
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-60118"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36290",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T18:36:19.960463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T18:36:30.272Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.7.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.7.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-26T04:05:14",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-60118"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-26T00:00:00",
          "ID": "CVE-2020-36290",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.7.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.7.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-60118",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-60118"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-36290",
    "datePublished": "2022-07-26T04:05:14.704626Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-10-03T18:36:30.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22503
Vulnerability from cvelistv5
Published
2023-05-01 16:00
Modified
2024-10-01 15:22
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
References
https://jira.atlassian.com/browse/CONFSERVER-82403
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 7.20.2
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-82403"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.13.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.7",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.0",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.13.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.7",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.0",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22503",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T15:14:47.693093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T15:22:41.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.20.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.20.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.13.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.7"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.20.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.20.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.20.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.13.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.7"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.20.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.\r\n\r\nThis vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.\r\n\r\nThe affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "Information Disclosure"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-01T16:00:32.509Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-82403"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22503",
    "datePublished": "2023-05-01T16:00:32.509Z",
    "dateReserved": "2023-01-01T00:01:22.329Z",
    "dateUpdated": "2024-10-01T15:22:41.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-39114
Vulnerability from cvelistv5
Published
2022-04-05 04:00
Modified
2024-10-04 19:06
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
References
https://jira.atlassian.com/browse/CONFSERVER-68844x_refsource_MISC
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Version: unspecified   < 6.13.23
Version: 6.14.0   < unspecified
Version: unspecified   < 7.4.11
Version: 7.5.0   < unspecified
Version: unspecified   < 7.11.6
Version: 7.12.0   < unspecified
Version: unspecified   < 7.12.5
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:17.751Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-68844"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "6.13.23",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.4.11",
                "status": "affected",
                "version": "6.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.11.6",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.12.5",
                "status": "affected",
                "version": "7.12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "6.13.23",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.4.11",
                "status": "affected",
                "version": "6.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.11.6",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.12.5",
                "status": "affected",
                "version": "7.12.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-39114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T18:55:58.863918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:06:17.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-05T04:00:18",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-68844"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-02-09T00:00:00",
          "ID": "CVE-2021-39114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.23"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.23"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-68844",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-68844"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2021-39114",
    "datePublished": "2022-04-05T04:00:18.966826Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-10-04T19:06:17.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21683
Vulnerability from cvelistv5

This CVE's publication may have been a false positive or a mistake. As a result, we have rejected this record.

Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:00:18.301Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "rejectedReasons": [
        {
          "lang": "en-US",
          "value": "This CVE\u0027s publication may have been a false positive or a mistake. As a result, we have rejected this record."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21683",
    "datePublished": "2024-05-21T23:00:00.446Z",
    "dateRejected": "2025-01-01T00:00:18.301Z",
    "dateReserved": "2024-01-01T00:05:33.846Z",
    "dateUpdated": "2025-01-01T00:00:18.301Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-29444
Vulnerability from cvelistv5
Published
2021-05-07 06:10
Modified
2024-09-16 23:11
Severity ?
Summary
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
References
https://jira.atlassian.com/browse/CONFSERVER-61266x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:09.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-61266"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-07T06:10:11",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-61266"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-04-22T00:00:00",
          "ID": "CVE-2020-29444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-61266",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-61266"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-29444",
    "datePublished": "2021-05-07T06:10:11.632147Z",
    "dateReserved": "2020-12-01T00:00:00",
    "dateUpdated": "2024-09-16T23:11:25.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21672
Vulnerability from cvelistv5
Published
2024-01-16 05:00
Modified
2024-08-01 22:27
Severity ?
8.3 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).
References
https://jira.atlassian.com/browse/CONFSERVER-94064
Impacted products
Vendor Product Version
Atlassian Confluence Server Version: >= 7.19.0
Version: >= 8.0.0
Version: >= 8.1.0
Version: >= 8.2.0
Version: >= 8.3.0
Version: >= 8.4.0
Version: >= 8.5.0
Version: >= 8.6.0
Version: >= 8.7.1
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-94064"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.18"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.7.2"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 7.19.18"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.5.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "DDV_UA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-17T01:00:01.127Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-94064"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21672",
    "datePublished": "2024-01-16T05:00:00.703Z",
    "dateReserved": "2024-01-01T00:05:33.845Z",
    "dateUpdated": "2024-08-01T22:27:35.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2021-04-01 19:15
Modified
2024-11-21 05:55
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-61399Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-61399Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AAFFA9-E8EC-4F83-B38B-2B0A8C04DD59",
              "versionEndExcluding": "5.8.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DE645E0-3780-4919-AE6F-ECFA55F3E3F6",
              "versionEndExcluding": "5.8.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability."
    },
    {
      "lang": "es",
      "value": "El plugin WidgetConnector en Confluence Server y Confluence Data Center anterior a versi\u00f3n 5.8.6, permit\u00eda a atacantes remotos manipular el contenido de los recursos de la red interna a trav\u00e9s de una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) ciega del servidor."
    }
  ],
  "id": "CVE-2021-26072",
  "lastModified": "2024-11-21T05:55:48.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-01T19:15:13.623",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-16 05:15
Modified
2024-11-21 07:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program
References
security@atlassian.comhttps://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-93516Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-93516Permissions Required
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAC515C-172B-44D9-89A9-062F33E644E7",
              "versionEndExcluding": "7.19.17",
              "versionStartIncluding": "7.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D",
              "versionEndExcluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56354085-184F-4B7A-B384-34A0D3B38EE0",
              "versionEndExcluding": "7.19.17",
              "versionStartIncluding": "7.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1",
              "versionEndIncluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\r\n\r\nAtlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release\r\n Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\r\n Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\r\n\r\nSee the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).\r\n\r\nThis vulnerability was discovered by m1sn0w and reported via our Bug Bounty program"
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de alta gravedad se introdujo en la versi\u00f3n 7.19.0 de Confluence Data Center. Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 7,2, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Confluence Data Center actualicen a la \u00faltima versi\u00f3n; si no pueden hacerlo, actualicen su instancia a una de las versiones fijas admitidas especificadas: Confluence Data Center y Server 7.19: actualice a una versi\u00f3n 7.19.17 o superior. Versi\u00f3n 7.19.x Confluence Data Center y Server 8.5: actualice a una versi\u00f3n 8.5.5 o superior. 8.5.x Confluence Data Center y Server 8.7: actualice a una versi\u00f3n 8.7.2 o superior. Consulte las notas de la versi\u00f3n ([https ://confluence.atlassian.com/doc/confluence-release-notes-327.html]). Puede descargar la \u00faltima versi\u00f3n de Confluence Data Center desde el centro de descargas ([https://www.atlassian.com/software/confluence/download-archives]). Esta vulnerabilidad fue descubierta por m1sn0w y reportada a trav\u00e9s de nuestro programa Bug Bounty."
    }
  ],
  "id": "CVE-2023-22526",
  "lastModified": "2024-11-21T07:44:58.907",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-16T05:15:07.933",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93516"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-07 06:15
Modified
2024-11-21 05:24
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-61266Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-61266Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F6A37A-FEAB-4482-84BF-B030A8ACB6DA",
              "versionEndExcluding": "7.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD864C5-92AF-4E6F-9264-31E7F4226436",
              "versionEndExcluding": "7.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters."
    },
    {
      "lang": "es",
      "value": "Unas versiones afectadas de Team Calendar en Confluence Server anteriores a 7.11.0, permiten a atacantes inyectar HTML o Javascript arbitrario por medio de una vulnerabilidad de tipo Cross Site Scripting en par\u00e1metros de configuraci\u00f3n global de administraci\u00f3n"
    }
  ],
  "id": "CVE-2020-29444",
  "lastModified": "2024-11-21T05:24:01.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-07T06:15:09.040",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-61266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-61266"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-06-03 22:15
Modified
2024-11-21 06:53
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
References
security@atlassian.comhttp://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttp://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
security@atlassian.comhttp://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
security@atlassian.comhttp://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttps://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.htmlVendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-79016Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-79016Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center 7.18.0
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server 7.18.0


To clipboard 

{
  "cisaActionDue": "2022-06-06",
  "cisaExploitAdd": "2022-06-02",
  "cisaRequiredAction": "Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.",
  "cisaVulnerabilityName": "Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B80A5DD-66A4-4BA9-8BE0-CD862048B497",
              "versionEndExcluding": "7.4.17",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98724BE-9503-4E81-B427-79410CDBF2B9",
              "versionEndExcluding": "7.13.7",
              "versionStartIncluding": "7.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E753EB-0D31-448B-B8DE-0A95434CC97C",
              "versionEndExcluding": "7.14.3",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE114494-74F0-454C-AAC4-8B8E5F1C67D0",
              "versionEndExcluding": "7.15.2",
              "versionStartIncluding": "7.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BB3572-29ED-415F-AD34-00EB76271F9C",
              "versionEndExcluding": "7.16.4",
              "versionStartIncluding": "7.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30EF756A-B4E9-4E5D-BE6F-02CE95F12C9C",
              "versionEndExcluding": "7.17.4",
              "versionStartIncluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56B6A10-E23F-49EF-8C07-1AEDFCAE2788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC4BC00-4067-4C75-AF15-A754C2713B02",
              "versionEndExcluding": "7.4.17",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4587786A-9864-405F-8C0F-31D930651F59",
              "versionEndExcluding": "7.13.7",
              "versionStartIncluding": "7.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCDEC6C-4515-4CAA-9D82-7BF68A3AAE7E",
              "versionEndExcluding": "7.14.3",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9948F94-DF67-4E3C-8CD4-417D57FBC60F",
              "versionEndExcluding": "7.15.2",
              "versionStartIncluding": "7.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E63ECB-85A8-4D41-A9B5-9FFF18D9CDB1",
              "versionEndExcluding": "7.16.4",
              "versionStartIncluding": "7.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "694171BD-FAE2-472C-8183-04BCA2F7B9A7",
              "versionEndExcluding": "7.17.4",
              "versionStartIncluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC5E81B-DA4B-45E7-9584-4B576E49FD8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1."
    },
    {
      "lang": "es",
      "value": "En las versiones afectadas de Confluence Server y Data Center, se presenta una vulnerabilidad de inyecci\u00f3n OGNL que permitir\u00eda a un atacante no autenticado ejecutar c\u00f3digo arbitrario en una instancia de Confluence Server o Data Center. Las versiones afectadas son 1.3.0 anteriores a 7.4.17, 7.13.0 anteriores a 7.13.7, 7.14.0 anteriores a 7.14.3, 7.15.0 anteriores a 7.15.2, 7.16.0 anteriores a 7.16.4, 7.17.0 anteriores a 7.17.4 y 7.18.0 anteriores a 7.18.1"
    }
  ],
  "id": "CVE-2022-26134",
  "lastModified": "2024-11-21T06:53:29.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-03T22:15:07.717",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79016"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-16 05:15
Modified
2024-11-21 08:54
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-94066Permissions Required
nvd@nist.govhttps://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-94066Permissions Required
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6315A65C-D63C-4A23-BD87-4CCE7FA41662",
              "versionEndExcluding": "7.19.18",
              "versionStartIncluding": "7.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D",
              "versionEndExcluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE863B2C-1277-400C-B9A6-9A7895DEDD8C",
              "versionEndExcluding": "7.19.18",
              "versionStartIncluding": "7.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1",
              "versionEndIncluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives )."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) de alta gravedad se introdujo en la versi\u00f3n 7.13.0 de Confluence Data Center and Server. Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE), con una puntuaci\u00f3n CVSS de 8,6 y un vector CVSS de CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N /A:N permite que un atacante no autenticado exponga activos en su entorno susceptibles de explotaci\u00f3n, lo que tiene un alto impacto en la confidencialidad, ning\u00fan impacto en la integridad, ning\u00fan impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Confluence Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: * Confluence Data Center y Server 7.19: actualice a una versi\u00f3n 7.19.18, o cualquier versi\u00f3n superior 7.19.x * Confluence Data Center y Server 8.5: actualice a una versi\u00f3n 8.5.5 o cualquier versi\u00f3n superior 8.5.x * Confluence Data Center y Server 8.7: actualice a una versi\u00f3n 8.7.2 o cualquier versi\u00f3n superior Consulte la notas de la versi\u00f3n (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). Puede descargar la \u00faltima versi\u00f3n de Confluence Data Center and Server desde el centro de descargas (https://www.atlassian.com/software/confluence/download-archives)."
    }
  ],
  "id": "CVE-2024-21674",
  "lastModified": "2024-11-21T08:54:50.740",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-16T05:15:08.910",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-94066"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-94066"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-24 07:15
Modified
2024-11-21 05:02
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-60102Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-60102Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60534B6D-6A27-4CAB-8F23-D93E57E8B620",
              "versionEndExcluding": "7.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE69336-BFD5-45FA-B75A-20825681431C",
              "versionEndExcluding": "7.5.2",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56F6524-0ACE-4C53-8E45-60D8A3342504",
              "versionEndExcluding": "7.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C961A4-6ACA-4FAE-8FC1-BC4CA32E5346",
              "versionEndExcluding": "7.5.2",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2."
    },
    {
      "lang": "es",
      "value": "Las versiones afectadas de Atlassian Confluence Server y Data Center, permiten a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) en los par\u00e1metros de macro de usuario. Las versiones afectadas son las versiones anteriores a  7.4.2 y desde la versi\u00f3n 7.5.0 anteriores a 7.5.2"
    }
  ],
  "id": "CVE-2020-14175",
  "lastModified": "2024-11-21T05:02:48.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-24T07:15:14.410",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60102"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-16 05:15
Modified
2024-11-21 08:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-94064Permissions Required
nvd@nist.govhttps://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-94064Permissions Required
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6315A65C-D63C-4A23-BD87-4CCE7FA41662",
              "versionEndExcluding": "7.19.18",
              "versionStartIncluding": "7.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D",
              "versionEndExcluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE863B2C-1277-400C-B9A6-9A7895DEDD8C",
              "versionEndExcluding": "7.19.18",
              "versionStartIncluding": "7.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1",
              "versionEndIncluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives)."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) de alta gravedad se introdujo en la versi\u00f3n 2.1.0 de Confluence Data Center and Server. Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE), con una puntuaci\u00f3n CVSS de 8,3 y un vector CVSS de CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H /A:H permite que un atacante no autenticado exponga de forma remota activos en su entorno susceptibles de explotaci\u00f3n, lo que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y requiere la interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Confluence Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: * Confluence Data Center y Server 7.19: actualice a una versi\u00f3n 7.19.18, o cualquier versi\u00f3n superior 7.19.x * Confluence Data Center y Server 8.5: actualice a una versi\u00f3n 8.5.5 o cualquier versi\u00f3n superior 8.5.x * Confluence Data Center y Server 8.7: actualice a una versi\u00f3n 8.7.2 o cualquier versi\u00f3n superior Consulte la notas de la versi\u00f3n (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). Puede descargar la \u00faltima versi\u00f3n de Confluence Data Center and Server desde el centro de descargas (https://www.atlassian.com/software/confluence/download-archives)."
    }
  ],
  "id": "CVE-2024-21672",
  "lastModified": "2024-11-21T08:54:50.480",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-16T05:15:08.537",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-94064"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-94064"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-30 07:15
Modified
2024-11-21 05:55
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
References
security@atlassian.comhttp://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-67940Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-67940Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A28735F-4827-4410-8B0B-C209ECD21DFC",
              "versionEndExcluding": "6.13.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5224DF-97AB-4D8E-B66D-FC65A1333531",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E776BF66-74F1-4D8E-9099-42A4E5EEE300",
              "versionEndExcluding": "7.11.6",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11303D6-258F-4FAC-A868-BF506E7F5A4E",
              "versionEndExcluding": "7.12.5",
              "versionStartIncluding": "7.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1FF67F-3FB4-4C0C-8263-3D4CA00A02CD",
              "versionEndExcluding": "6.13.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CCD4D0-6BC7-442A-9D4D-43841FE40F3E",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF59072C-9911-4035-A75A-27D882988919",
              "versionEndExcluding": "7.11.6",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2534-EBEF-438B-B616-ED4FFBC9246E",
              "versionEndExcluding": "7.12.5",
              "versionStartIncluding": "7.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
    },
    {
      "lang": "es",
      "value": "En las versiones afectadas de Confluence Server y Data Center, se presenta una vulnerabilidad de inyecci\u00f3n OGNL que permitir\u00eda a un usuario no autenticado ejecutar c\u00f3digo arbitrario en una instancia de Confluence Server o Data Center. Las versiones afectadas son las versiones anteriores a 6.13.23, desde versiones 6.14.0 anteriores a 7.4.11, desde versiones 7.5.0 anteriores a 7.11.6 y desde versiones 7.12.0 anteriores a 7.12.5."
    }
  ],
  "id": "CVE-2021-26084",
  "lastModified": "2024-11-21T05:55:50.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-30T07:15:06.587",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-16 05:15
Modified
2024-11-21 07:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
References
security@atlassian.comhttp://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttps://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-93833Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-93833Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center 8.7.0
atlassian confluence_server *


To clipboard 

{
  "cisaActionDue": "2024-02-14",
  "cisaExploitAdd": "2024-01-24",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Template Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98686E6C-5D52-4EDB-A580-CE01009BADBA",
              "versionEndExcluding": "8.5.4",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED19C83-6D8B-45B1-AAC3-F4C6B12C0E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C2F4B6-A251-4D8B-8624-99079E50E331",
              "versionEndExcluding": "8.5.4",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\n\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian\u2019s January Security Bulletin."
    },
    {
      "lang": "es",
      "value": "Resumen de vulnerabilidad. Una vulnerabilidad de inyecci\u00f3n de plantilla en versiones anteriores de Confluence Data Center y Server permite que un atacante no autenticado logre RCE en una instancia afectada. Los clientes que utilicen una versi\u00f3n afectada deben tomar medidas inmediatas. Las versiones compatibles m\u00e1s recientes de Confluence Data Center y Server no se ven afectadas por esta vulnerabilidad, ya que finalmente se mitig\u00f3 durante las actualizaciones peri\u00f3dicas de la versi\u00f3n. Sin embargo, Atlassian recomienda que los clientes tengan cuidado de instalar la \u00faltima versi\u00f3n para proteger sus instancias de vulnerabilidades no cr\u00edticas descritas en el Bolet\u00edn de seguridad de enero de Atlassian. Consulte \u201cWhat You Need to Do\u201d para obtener instrucciones detalladas. {panel:bgColor=#deebff} Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema. {panel} Versiones afectadas ||Producto||Versiones afectadas|| |Centro de datos y servidor de Confluence| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3| Versiones fijas ||Producto||Versiones fijas|| |Centro de datos y servidor de Confluence|8.5.4 (LTS)| |Centro de datos de Confluence| 8.6.0 o posterior (solo centro de datos) 8.7.1 o posterior (solo centro de datos)| Qu\u00e9 debe hacer inmediatamente parchear a una versi\u00f3n fija Atlassian recomienda parchear cada una de sus instalaciones afectadas a la \u00faltima versi\u00f3n. Las versiones fijas enumeradas ya no son las versiones m\u00e1s actualizadas y no protegen su instancia de otras vulnerabilidades no cr\u00edticas, como se describe en el Bolet\u00edn de seguridad de enero de Atlassian. ||Producto||Versiones fijas||\u00daltimas versiones|| |Centro de datos y servidor de Confluence| 8.5.4 (LTS)| 8.5.5 (LTS) |Centro de datos de Confluence| 8.6.0 o posterior (solo centro de datos) 8.7.1 o posterior (solo centro de datos)| 8.6.3 o posterior (solo centro de datos) 8.7.2 o posterior (solo centro de datos) Para obtener detalles adicionales, consulte el aviso completo."
    }
  ],
  "id": "CVE-2023-22527",
  "lastModified": "2024-11-21T07:44:59.040",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-16T05:15:08.290",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-26 04:15
Modified
2024-11-21 05:29
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-60118Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-60118Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF09E479-BBC9-45B9-99DE-A01870FF78DD",
              "versionEndExcluding": "7.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54135B7E-36BD-40D3-B467-347EBD55C475",
              "versionEndExcluding": "7.6.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12398549-8D95-4E23-AB62-04AB87C0CBEF",
              "versionEndExcluding": "7.7.4",
              "versionStartIncluding": "7.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AE6F85-D165-4211-B3B7-B21598777249",
              "versionEndExcluding": "7.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04129939-2C7D-4E36-91DE-8FFB3D2DDB54",
              "versionEndExcluding": "7.6.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83C45FA-5DB0-4953-815C-67D161C99946",
              "versionEndExcluding": "7.7.4",
              "versionStartIncluding": "7.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality."
    },
    {
      "lang": "es",
      "value": "Livesearch macro in Confluence Server and Data Center versiones anteriores a 7.4.5, desde versi\u00f3n 7.5.0 anteriores a 7.6.3, y desde versi\u00f3n 7.7.0 anteriores a 7.7.4, permite a atacantes remotos con permiso para editar una p\u00e1gina o blog inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo cross site scripting (XSS) en la funcionalidad page excerpt."
    }
  ],
  "id": "CVE-2020-36290",
  "lastModified": "2024-11-21T05:29:13.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-26T04:15:11.070",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60118"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-20 18:15
Modified
2024-11-21 06:53
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
References
security@atlassian.comhttps://jira.atlassian.com/browse/BAM-21795Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/BSERV-13370Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-79476Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CRUC-8541Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CWD-5815Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/FE-7410Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/JRASERVER-73897Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/JSDSERVER-11863Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/BAM-21795Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/BSERV-13370Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-79476Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CRUC-8541Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CWD-5815Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/FE-7410Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/JRASERVER-73897Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/JSDSERVER-11863Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian bamboo *
atlassian bamboo *
atlassian bamboo *
atlassian bamboo *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket 8.0.0
atlassian bitbucket 8.1.0
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center 7.18.0
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server 7.18.0
atlassian crowd *
atlassian crowd *
atlassian crowd 5.0.0
atlassian crucible *
atlassian fisheye *
atlassian jira_data_center *
atlassian jira_data_center *
atlassian jira_data_center *
atlassian jira_server *
atlassian jira_server *
atlassian jira_server *
atlassian jira_service_desk *
atlassian jira_service_desk *
atlassian jira_service_management *
atlassian jira_service_management *
atlassian jira_service_management *
atlassian jira_service_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "218C960A-04C6-4242-BEBA-C81CF5F1F722",
              "versionEndExcluding": "7.2.10",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E360CDE0-FD1E-4337-8268-DB89CF605EE0",
              "versionEndExcluding": "8.0.9",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0913EE0-2046-4E7E-966D-DC894E34D12B",
              "versionEndExcluding": "8.1.8",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D182C1B1-A5FF-4777-9835-4E9114BB68DC",
              "versionEndExcluding": "8.2.4",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCD53E4-3169-4E8A-88D1-38BE51D09DD3",
              "versionEndExcluding": "7.6.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B878E40-95A7-40A7-9C52-6BC0C2FD3F54",
              "versionEndExcluding": "7.17.8",
              "versionStartIncluding": "7.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46305D5A-7F7B-4A04-9DAD-E582D1193A7E",
              "versionEndExcluding": "7.19.5",
              "versionStartIncluding": "7.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96B135B-9272-457E-A557-6566554262D3",
              "versionEndExcluding": "7.20.2",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62956861-BEDE-40C8-B628-C831087E7BDB",
              "versionEndExcluding": "7.21.2",
              "versionStartIncluding": "7.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A85565F-3F80-4E00-A706-AB4B2EAA4AFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E2E3C0-CDF0-4D79-80A6-85E71B947ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C543CA6-8E8A-476C-AB27-614DF4EC68A5",
              "versionEndExcluding": "7.4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FD913B-45DE-4CA8-9733-D62F54B19E74",
              "versionEndExcluding": "7.13.7",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E753EB-0D31-448B-B8DE-0A95434CC97C",
              "versionEndExcluding": "7.14.3",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE114494-74F0-454C-AAC4-8B8E5F1C67D0",
              "versionEndExcluding": "7.15.2",
              "versionStartIncluding": "7.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BB3572-29ED-415F-AD34-00EB76271F9C",
              "versionEndExcluding": "7.16.4",
              "versionStartIncluding": "7.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30EF756A-B4E9-4E5D-BE6F-02CE95F12C9C",
              "versionEndExcluding": "7.17.4",
              "versionStartIncluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56B6A10-E23F-49EF-8C07-1AEDFCAE2788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE8BE634-1599-4790-9410-6CA43BC60C4D",
              "versionEndExcluding": "7.4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E68DFD-48F5-4949-AFEA-3829CA5DFC04",
              "versionEndExcluding": "7.13.7",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCDEC6C-4515-4CAA-9D82-7BF68A3AAE7E",
              "versionEndExcluding": "7.14.3",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9948F94-DF67-4E3C-8CD4-417D57FBC60F",
              "versionEndExcluding": "7.15.2",
              "versionStartIncluding": "7.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E63ECB-85A8-4D41-A9B5-9FFF18D9CDB1",
              "versionEndExcluding": "7.16.4",
              "versionStartIncluding": "7.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "694171BD-FAE2-472C-8183-04BCA2F7B9A7",
              "versionEndExcluding": "7.17.4",
              "versionStartIncluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC5E81B-DA4B-45E7-9584-4B576E49FD8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE028964-B3FC-4883-9967-68DE46EE7F6F",
              "versionEndExcluding": "4.3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57DC9E2A-4C89-420D-9330-F11E56BF2F83",
              "versionEndExcluding": "4.4.2",
              "versionStartIncluding": "4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C50A718F-C67B-4462-BB7E-F80408DEF07D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92329A2E-13E8-4818-85AB-3E7F479411EF",
              "versionEndExcluding": "4.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DDE751-CA88-4CFB-9E60-4243851B4B53",
              "versionEndExcluding": "4.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91B8507-A7A7-4B74-9999-F1DEA9F487A9",
              "versionEndExcluding": "8.13.22",
              "versionStartIncluding": "8.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "963AE427-2897-42CB-AE11-654D700E690B",
              "versionEndExcluding": "8.20.10",
              "versionStartIncluding": "8.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7CD8891-BB97-4AD3-BEE4-6CCA0D8A2D85",
              "versionEndExcluding": "8.22.4",
              "versionStartIncluding": "8.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73A5202-6114-48E6-8F9B-C03B2E707055",
              "versionEndExcluding": "8.13.22",
              "versionStartIncluding": "8.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22AB11D-1D73-45DC-803C-146EFED18CDA",
              "versionEndExcluding": "8.20.10",
              "versionStartIncluding": "8.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2091E9-0B14-4786-852F-454C56D20839",
              "versionEndExcluding": "8.22.4",
              "versionStartIncluding": "8.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "1451C219-8AAA-4165-AE2C-033EF7B6F93A",
              "versionEndExcluding": "4.13.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "BD23F987-0F14-4938-BB51-4EE61C24EB62",
              "versionEndExcluding": "4.13.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "39F77953-41D7-4398-9F07-2A057A993762",
              "versionEndExcluding": "4.20.10",
              "versionStartIncluding": "4.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "CADBE0E7-36D9-4F6F-BEE6-A1E0B9428C2A",
              "versionEndExcluding": "4.20.10",
              "versionStartIncluding": "4.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "DC0DB08B-2034-4691-A7B2-3E5F8B6318B1",
              "versionEndExcluding": "4.22.4",
              "versionStartIncluding": "4.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "97A17BE7-7CCC-46D8-A317-53E2B026DF6E",
              "versionEndExcluding": "4.22.4",
              "versionStartIncluding": "4.21.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en varios productos de Atlassian permite a un atacante remoto no autenticado omitir los filtros Servlet usados por aplicaciones de primera y tercera parte. El impacto depende de los filtros usados por cada aplicaci\u00f3n y de c\u00f3mo son usados los filtros. Esta vulnerabilidad puede resultar en una omisi\u00f3n de la autenticaci\u00f3n y un ataque de tipo cross-site scripting. Atlassian ha publicado actualizaciones que corrigen la causa principal de esta vulnerabilidad, pero no ha enumerado exhaustivamente todas las consecuencias potenciales de esta vulnerabilidad. Est\u00e1n afectadas las versiones de Atlassian Bamboo anteriores a 8.0.9, desde 8.1.0 hasta  8.1.8, y desde la 8.2.0 hasta 8.2.4. Las versiones de Atlassian Bitbucket est\u00e1n afectadas anteriores a 7.6.16, desde la 7.7.0 anteriores a 7.17.8, desde la 7.18.0 anteriores a 7.19.5, desde la 7.20.0 anteriores a 7.20.2, desde la 7.21.0 anteriores a 7.21.2, y las versiones 8.0.0 y 8.1.0. Est\u00e1n afectadas las versiones de Atlassian Confluence anteriores a 7.4.17, desde la 7.5.0 anteriores a 7.13.7, desde la 7.14.0 anteriores a 7.14.3, desde la 7.15.0 anteriores a 7.15.2, desde la 7.16.0 anteriores a 7.16.4, desde la 7.17.0 anteriores a 7.17.4 y la versi\u00f3n 7.21.0. Est\u00e1n afectadas las versiones de Atlassian Crowd anteriores a 4.3.8, desde la 4.4.0 hasta 4.4.2, y la versi\u00f3n 5.0.0. Est\u00e1n afectadas las versiones de Atlassian Fisheye y Crucible anteriores a 4.8.10. Est\u00e1n afectadas las versiones de Atlassian Jira anteriores a 8.13.22, desde la 8.14.0 hasta 8.20.10, y desde la 8.21.0 hasta 8.22.4. Las versiones de Atlassian Jira Service Management est\u00e1n afectadas anteriores a 4.13.22, desde la 4.14.0 anteriores a 4.20.10, y desde la 4.21.0 anteriores a 4.22.4"
    }
  ],
  "id": "CVE-2022-26136",
  "lastModified": "2024-11-21T06:53:30.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-07-20T18:15:08.487",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BAM-21795"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BSERV-13370"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CRUC-8541"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-5815"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/FE-7410"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BAM-21795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BSERV-13370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CRUC-8541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-5815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/FE-7410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-180"
        }
      ],
      "source": "security@atlassian.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-19 01:15
Modified
2024-11-21 05:24
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-60854Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-60854Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E001413-D8E1-41F1-9F61-08C0D2AC1FC0",
              "versionEndExcluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D57E526-A4D8-4F39-96E3-BABA3108FA05",
              "versionEndExcluding": "7.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0."
    },
    {
      "lang": "es",
      "value": "Las versiones afectadas de Atlassian Confluence Server y Data Center permiten a atacantes remotos afectar la disponibilidad de la aplicaci\u00f3n por medio de una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en la funcionalidad de carga del avatar. Las versiones afectadas son anteriores a la versi\u00f3n 7.2.0"
    }
  ],
  "id": "CVE-2020-29450",
  "lastModified": "2024-11-21T05:24:01.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-19T01:15:14.603",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60854"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-20 18:15
Modified
2024-11-21 06:53
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
References
security@atlassian.comhttps://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.htmlVendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-79483Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-79483Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian questions_for_confluence 2.7.34
atlassian questions_for_confluence 2.7.35
atlassian questions_for_confluence 3.0.2
atlassian confluence_data_center -
atlassian confluence_server -


To clipboard 

{
  "cisaActionDue": "2022-08-19",
  "cisaExploitAdd": "2022-07-29",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:questions_for_confluence:2.7.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CE5D29-4DCB-48E5-9F1E-E603E5F6C27E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:questions_for_confluence:2.7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "60DEB66E-75A9-4C34-9E06-037BE1B263EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:questions_for_confluence:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD33916-41E6-45BB-A6CC-9ECD4F11A529",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5AB7C4D-ED56-4AB5-BD03-CA807D11C46E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9157ABD-3C98-4742-AE63-EAD7504CDB22",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n Atlassian Questions For Confluence para Confluence Server y Data Center crea una cuenta de usuario de Confluence en el grupo confluence-users con el nombre de usuario disabledsystemuser y una contrase\u00f1a embebida. Un atacante remoto no autenticado que conozca la contrase\u00f1a embebida podr\u00eda explotar esta situaci\u00f3n para iniciar sesi\u00f3n en Confluence y acceder a todo el contenido accesible para usuarios del grupo confluence-users. Esta cuenta de usuario es creada cuando son instaladas las versiones 2.7.34, 2.7.35 y 3.0.2 de la aplicaci\u00f3n"
    }
  ],
  "id": "CVE-2022-26138",
  "lastModified": "2024-11-21T06:53:30.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-20T18:15:08.617",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "security@atlassian.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-22 21:15
Modified
2024-11-21 05:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-60469Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-60469Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55705C1C-CF3D-4CD9-9341-83820CD3471F",
              "versionEndExcluding": "6.13.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C180A5-FDF6-4F41-ACAC-46BEECF8333E",
              "versionEndExcluding": "7.4.6",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA7E7A7-B7FD-4B5B-B8BA-1A83470A6FE7",
              "versionEndExcluding": "7.8.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC13F7E7-5DE0-4D04-BA05-4287DB34912E",
              "versionEndExcluding": "6.13.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33104D47-DD3C-4068-95F6-EEFC60D7E0F8",
              "versionEndExcluding": "7.4.6",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D74D7B97-4FCB-4E7E-9C20-5AC2CF2FB2F1",
              "versionEndExcluding": "7.8.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check."
    },
    {
      "lang": "es",
      "value": "La clase ConfluenceResourceDownloadRewriteRule en Confluence Server y Confluence Data Center versiones anteriores a 6.13.18, desde 6.14.0 anteriores a 7.4.6 y desde 7.5.0 anteriores a 7.8.3, permit\u00eda a atacantes remotos no autenticados leer archivos arbitrarios dentro de los directorios WEB-INF y META-INF por medio de una comprobaci\u00f3n de acceso de una ruta incorrecta"
    }
  ],
  "id": "CVE-2020-29448",
  "lastModified": "2024-11-21T05:24:01.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-22T21:15:19.460",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-18 23:15
Modified
2024-11-21 07:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-88221Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-88221Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "406C37DD-9A78-4BC3-B91B-C649B75DDC21",
              "versionEndExcluding": "7.13.20",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD124AD-097C-4F5C-978A-6070A539F220",
              "versionEndExcluding": "7.19.8",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FBFE8-F97B-4E6B-B6AB-7EF9955B66BA",
              "versionEndExcluding": "8.2.0",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4CB719-B825-4ED0-B783-EF8DE9E1B5EE",
              "versionEndExcluding": "7.13.20",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE5A04D-2133-4E27-951F-C5F6BAB044AF",
              "versionEndExcluding": "7.19.8",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBB9EBB-FFFA-4AE8-BA5A-D06D6D9A309E",
              "versionEndExcluding": "8.2.0",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center \u0026 Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center \u0026 Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de alta gravedad conocida como CVE-2023-22508 se introdujo en la versi\u00f3n 6.1.0 de Confluence Data Center \u0026amp; Server. Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 8.5, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y ninguna interacci\u00f3n del usuario. Atlassian recomienda actualizar su instancia para evitar este error utilizando las siguientes opciones: * Actualizar a una versi\u00f3n de funci\u00f3n de Confluence mayor o igual a 8.2.0 (es decir, 8.2, 8.2, 8.4, etc...) * Actualizar a una versi\u00f3n de correcci\u00f3n de errores de Confluence 7.19 LTS mayor o igual a 7.19.8 (es decir: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc.) * Actualice a una versi\u00f3n de correcci\u00f3n de errores Confluence 7.13 LTS mayor o igual a 13.7.20 (Lanzamiento disponible a principios de agosto) Consulte las notas de la versi\u00f3n (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). Puede descargar la \u00faltima versi\u00f3n de Data Center \u0026amp; Server desde el centro de descargas (https://www.atlassian.com/software/confluence/download-archives). Si no puede actualizar su instancia, utilice la siguiente gu\u00eda para solucionar el problema https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html Esta vulnerabilidad fue descubierta por un usuario privado y reportada a trav\u00e9s de nuestro programa Bug Bounty."
    }
  ],
  "id": "CVE-2023-22508",
  "lastModified": "2024-11-21T07:44:57.507",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-18T23:15:09.297",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-88221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-88221"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-16 05:15
Modified
2024-11-21 08:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-94065Permissions Required
nvd@nist.govhttps://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-94065Permissions Required
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6315A65C-D63C-4A23-BD87-4CCE7FA41662",
              "versionEndExcluding": "7.19.18",
              "versionStartIncluding": "7.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D",
              "versionEndExcluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE863B2C-1277-400C-B9A6-9A7895DEDD8C",
              "versionEndExcluding": "7.19.18",
              "versionStartIncluding": "7.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A",
              "versionEndExcluding": "8.5.5",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1",
              "versionEndIncluding": "8.7.2",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives )."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) de alta gravedad se introdujo en las versiones 7.13.0 de Confluence Data Center y Server. Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE), con una puntuaci\u00f3n CVSS de 8,0 y un vector CVSS de CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H /A:H permite que un atacante autenticado exponga activos en su entorno susceptibles de explotaci\u00f3n, lo que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Confluence Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: * Confluence Data Center y Server 7.19: actualice a una versi\u00f3n 7.19.18, o cualquier versi\u00f3n superior 7.19.x * Confluence Data Center y Server 8.5: actualice a una versi\u00f3n 8.5.5 o cualquier versi\u00f3n superior 8.5.x * Confluence Data Center y Server 8.7: actualice a una versi\u00f3n 8.7.2 o cualquier versi\u00f3n superior Consulte la notas de la versi\u00f3n (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). Puede descargar la \u00faltima versi\u00f3n de Confluence Data Center and Server desde el centro de descargas (https://www.atlassian.com/software/confluence/download-archives)."
    }
  ],
  "id": "CVE-2024-21673",
  "lastModified": "2024-11-21T08:54:50.613",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-16T05:15:08.730",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-94065"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-94065"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-05 04:15
Modified
2024-11-21 06:18
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-68844Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-68844Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A28735F-4827-4410-8B0B-C209ECD21DFC",
              "versionEndExcluding": "6.13.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5224DF-97AB-4D8E-B66D-FC65A1333531",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E776BF66-74F1-4D8E-9099-42A4E5EEE300",
              "versionEndExcluding": "7.11.6",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11303D6-258F-4FAC-A868-BF506E7F5A4E",
              "versionEndExcluding": "7.12.5",
              "versionStartIncluding": "7.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1FF67F-3FB4-4C0C-8263-3D4CA00A02CD",
              "versionEndExcluding": "6.13.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CCD4D0-6BC7-442A-9D4D-43841FE40F3E",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF59072C-9911-4035-A75A-27D882988919",
              "versionEndExcluding": "7.11.6",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2534-EBEF-438B-B616-ED4FFBC9246E",
              "versionEndExcluding": "7.12.5",
              "versionStartIncluding": "7.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
    },
    {
      "lang": "es",
      "value": "Las versiones afectadas de Atlassian Confluence Server y Data Center permiten a los usuarios con una cuenta v\u00e1lida en una instancia de Confluence Data Center ejecutar c\u00f3digo Java arbitrario o ejecutar comandos del sistema arbitrarios mediante la inyecci\u00f3n de una carga \u00fatil OGNL. Las versiones afectadas son las versiones anteriores a 6.13.23, desde la versi\u00f3n 6.14.0 hasta la 7.4.11, desde la versi\u00f3n 7.5.0 hasta la 7.11.6 y desde la versi\u00f3n 7.12.0 hasta la 7.12.5"
    }
  ],
  "id": "CVE-2021-39114",
  "lastModified": "2024-11-21T06:18:36.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-05T04:15:08.707",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-68844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-68844"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-12-06 05:15
Modified
2024-11-21 07:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
security@atlassian.comhttps://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-93502Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-93502Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center 8.7.0
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A015179-59B5-4D96-9052-09DB29D0916C",
              "versionEndExcluding": "7.19.17",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA7D282-A8E0-489F-84C1-C6E408A9B4ED",
              "versionEndExcluding": "8.4.5",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "083AB6F4-E31A-42A8-ADFD-78EC9707C2E3",
              "versionEndExcluding": "8.5.4",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48F8516-17B8-4389-937F-3F9F739F6D0F",
              "versionEndExcluding": "8.6.2",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED19C83-6D8B-45B1-AAC3-F4C6B12C0E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3807D8DA-9B6B-4BC9-BDAA-ADA323D01BF6",
              "versionEndExcluding": "7.19.17",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAC707F-D5C9-45F8-AB03-2978D4D918E8",
              "versionEndExcluding": "8.4.5",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1272EBF-A45E-42A7-A71B-401DF806E38D",
              "versionEndExcluding": "8.5.4",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad de inyecci\u00f3n de plantilla permite a un atacante autenticado, incluido uno con acceso an\u00f3nimo, inyectar entradas de usuario no seguras en una p\u00e1gina de Confluence. Con este enfoque, un atacante puede lograr la ejecuci\u00f3n remota de c\u00f3digo (RCE) en una instancia afectada. Las versiones de acceso p\u00fablico de Confluence Data Center and Server que se enumeran a continuaci\u00f3n est\u00e1n en riesgo y requieren atenci\u00f3n inmediata. Consulte el aviso para obtener detalles adicionales. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
    }
  ],
  "id": "CVE-2023-22522",
  "lastModified": "2024-11-21T07:44:58.503",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-06T05:15:09.587",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93502"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-15 01:15
Modified
2024-11-21 07:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.
References
cve@mitre.orghttps://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1Exploit, Third Party Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DCE81E-3331-4AE9-802D-50B7D8DCDD84",
              "versionEndExcluding": "1.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded."
    },
    {
      "lang": "es",
      "value": "El complemento Netic User Export anterior a 1.3.5 para Atlassian Confluence tiene la funcionalidad de generar una lista de usuarios en la aplicaci\u00f3n y exportarla. Durante la exportaci\u00f3n, la solicitud HTTP tiene un par\u00e1metro fileName que acepta cualquier archivo del sistema (por ejemplo, una clave privada SSH) para descargar."
    }
  ],
  "id": "CVE-2022-42977",
  "lastModified": "2024-11-21T07:25:43.623",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T01:15:13.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-04 14:15
Modified
2024-11-21 07:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
security@atlassian.comhttp://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttps://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515Vendor Advisory
security@atlassian.comhttps://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-92475Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-92475Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "cisaActionDue": "2023-10-13",
  "cisaExploitAdd": "2023-10-05",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.",
  "cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Broken Access Control Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B2AD9F-CBA6-4559-9AE3-5F76A9EC3B7F",
              "versionEndExcluding": "8.3.3",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F9918D-6848-4CD6-8096-4FB48C23818B",
              "versionEndExcluding": "8.4.3",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D646BCF-214F-449D-AEEB-B253E8715394",
              "versionEndExcluding": "8.5.2",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "970A3DA7-5114-4696-A93D-C3D5AFF5C6C5",
              "versionEndExcluding": "8.3.3",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB19CD-AE29-4775-91C5-05B01A96AC6C",
              "versionEndExcluding": "8.4.3",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79229BE7-0AA0-4308-8BB2-8FB11E8B9AD7",
              "versionEndExcluding": "8.5.2",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. \r\n\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. "
    },
    {
      "lang": "es",
      "value": "Atlassian ha sido informado de un problema informado por un pu\u00f1ado de clientes en el que atacantes externos pueden haber explotado una vulnerabilidad previamente desconocida en instancias de Confluence Data Center and Server de acceso p\u00fablico para crear cuentas de administrador de Confluence no autorizadas y acceder a instancias de Confluence. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
    }
  ],
  "id": "CVE-2023-22515",
  "lastModified": "2024-11-21T07:44:57.830",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-10-04T14:15:10.440",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-92475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-92475"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-05-01 17:15
Modified
2024-11-21 07:44
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-82403Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-82403Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACD9E451-29B3-4D59-88E5-9AAB52C64B29",
              "versionEndExcluding": "7.13.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6EA4793-BF98-4C48-9B80-90487A33B8C2",
              "versionEndExcluding": "7.19.7",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FBFE8-F97B-4E6B-B6AB-7EF9955B66BA",
              "versionEndExcluding": "8.2.0",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9A23C3-4831-4882-9786-F63F8990206C",
              "versionEndExcluding": "7.13.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9F35096-F530-45EA-827F-56537235CCE3",
              "versionEndExcluding": "7.19.7",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBB9EBB-FFFA-4AE8-BA5A-D06D6D9A309E",
              "versionEndExcluding": "8.2.0",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.\r\n\r\nThis vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.\r\n\r\nThe affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0."
    }
  ],
  "id": "CVE-2023-22503",
  "lastModified": "2024-11-21T07:44:56.947",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-01T17:15:08.993",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-82403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-82403"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-02-13 18:29
Modified
2024-11-21 04:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
References
security@atlassian.comhttp://www.securityfocus.com/bid/107041Third Party Advisory, VDB Entry
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-57814Issue Tracking, Vendor Advisory
security@atlassian.comhttps://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107041Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-57814Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/Third Party Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2CCA37-B9C8-46C3-B839-25F287BFE635",
              "versionEndExcluding": "6.13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "281F6F1E-E4D1-436F-928E-535816C24954",
              "versionEndExcluding": "6.14.0",
              "versionStartIncluding": "6.13.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F58782-D4F6-46BC-BFBC-187372FEB8DB",
              "versionEndExcluding": "6.13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81398F6D-D05D-4B06-945C-7B429D11A839",
              "versionEndExcluding": "6.14.0",
              "versionStartIncluding": "6.13.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
    },
    {
      "lang": "es",
      "value": "Atlassian Confluence Server and Data Center, en versiones anteriores a la 6.13.1, permite que un usuario autenticado descargue una p\u00e1gina eliminada mediante la caracter\u00edstica de exportaci\u00f3n de palabras."
    }
  ],
  "id": "CVE-2018-20237",
  "lastModified": "2024-11-21T04:01:08.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-13T18:29:00.667",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107041"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-03 00:15
Modified
2024-11-21 05:55
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
References
security@atlassian.comhttp://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-67893Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-67893Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *


To clipboard 

{
  "cisaActionDue": "2022-04-18",
  "cisaExploitAdd": "2022-03-28",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83557716-7A48-48D5-85A9-4A29DBF4F511",
              "versionEndExcluding": "7.4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A310D77-1FFF-4FFE-AD50-75DFF973EB3F",
              "versionEndExcluding": "7.12.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA04112-3B97-491B-93E6-80C444274430",
              "versionEndExcluding": "7.4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1148DF0-42C0-435F-A6EB-EFA93E10E8D7",
              "versionEndExcluding": "7.12.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."
    },
    {
      "lang": "es",
      "value": "Las versiones afectadas de Atlassian Confluence Server permiten a los atacantes remotos visualizar recursos restringidos por medio de una vulnerabilidad de lectura arbitraria de archivos de autorizaci\u00f3n previa en el endpoint /s/.\u0026#xa0;Las versiones afectadas son anteriores a la versi\u00f3n 7.4.10 y desde la versi\u00f3n 7.5.0 anteriores a 7.12.3"
    }
  ],
  "id": "CVE-2021-26085",
  "lastModified": "2024-11-21T05:55:50.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-03T00:15:08.557",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-425"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-02-15 04:15
Modified
2024-11-21 06:30
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-66550Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-66550Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian confluence_server *
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83557716-7A48-48D5-85A9-4A29DBF4F511",
              "versionEndExcluding": "7.4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A310D77-1FFF-4FFE-AD50-75DFF973EB3F",
              "versionEndExcluding": "7.12.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA04112-3B97-491B-93E6-80C444274430",
              "versionEndExcluding": "7.4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1148DF0-42C0-435F-A6EB-EFA93E10E8D7",
              "versionEndExcluding": "7.12.3",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."
    },
    {
      "lang": "es",
      "value": "Las versiones afectadas de Atlassian Confluence Server y Data Center permiten a los atacantes locales autentificados conseguir privilegios elevados en el sistema local a trav\u00e9s de una vulnerabilidad de DLL Hijacking en el instalador de Confluence. Esta vulnerabilidad s\u00f3lo afecta a las instalaciones de Confluence Server y Data Center en Windows. Las versiones afectadas son anteriores a la versi\u00f3n 7.4.10, y desde la versi\u00f3n 7.5.0 hasta la versi\u00f3n7.12.3"
    }
  ],
  "id": "CVE-2021-43940",
  "lastModified": "2024-11-21T06:30:02.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-02-15T04:15:07.177",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "security@atlassian.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] This vulnerability was discovered by a private user and reported via our Bug Bounty program.
References
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-88265Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-88265Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4502C12-1DC4-41A0-91A5-4D105D21D9FB",
              "versionEndExcluding": "8.3.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D643B5D8-E584-45E0-8112-2B0274213C34",
              "versionEndExcluding": "8.3.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center \u0026 Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you\u0027re unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).]  You can download the latest version of Confluence Data Center \u0026 Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] \n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program."
    }
  ],
  "id": "CVE-2023-22505",
  "lastModified": "2024-11-21T07:44:57.220",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-18T21:15:15.583",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-88265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-88265"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-30 16:29
Modified
2024-11-21 04:01
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.
References
security@atlassian.comhttps://ecosystem.atlassian.net/browse/APL-1373Issue Tracking, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-58208Issue Tracking, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CRUC-8379Issue Tracking, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CWD-5362Issue Tracking, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/FE-7161Issue Tracking, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/JRASERVER-68855Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://ecosystem.atlassian.net/browse/APL-1373Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-58208Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CRUC-8379Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CWD-5362Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/FE-7161Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/JRASERVER-68855Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
atlassian application_links *
atlassian application_links *
atlassian application_links *
atlassian application_links *
atlassian application_links *
atlassian confluence_data_center *
atlassian confluence_server *
atlassian crowd *
atlassian crucible *
atlassian fisheye *
atlassian jira_data_center *
atlassian jira_data_center *
atlassian jira_server *
atlassian jira_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2693A891-F156-4E34-B8FE-C5B50B3B4864",
              "versionEndExcluding": "5.0.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40944714-8855-458B-B776-0AF4E2AE7CDF",
              "versionEndExcluding": "5.2.10",
              "versionStartIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4225CCB-FD35-4B93-BC1E-85F0E83383E0",
              "versionEndExcluding": "5.3.6",
              "versionStartIncluding": "5.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68F3DE59-0A8E-40F9-901D-F2D3C0EA546F",
              "versionEndExcluding": "5.4.12",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5414E46-B9B0-4ABF-9DDF-C1EBB8E829AE",
              "versionEndExcluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1777CAE-0B14-4AD2-873F-CF5D3A0B79E4",
              "versionEndExcluding": "6.15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D64E9D0-0393-4871-AEE3-0D4CAD045EAE",
              "versionEndExcluding": "6.15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF812D66-1379-4421-B192-21BF9F51C1EE",
              "versionEndExcluding": "3.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C140AB4-C751-4D25-B1E7-BC1729D25B4D",
              "versionEndExcluding": "4.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40DD6225-F761-4E32-B6E9-45A9C79D4AD2",
              "versionEndExcluding": "4.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BBC078-951C-4109-A8E5-F13DD36CE837",
              "versionEndExcluding": "7.13.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A2B3FB-45D3-4DB2-B10C-68E827E72837",
              "versionEndExcluding": "8.1.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7E474F-E673-4414-A534-8E709AC6CBFF",
              "versionEndExcluding": "7.13.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "660409CF-397F-4D27-A331-37414A5547E5",
              "versionEndExcluding": "8.1.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0."
    },
    {
      "lang": "es",
      "value": "Application Links anterior a la versi\u00f3n 5.0.11, desde la versi\u00f3n 5.1.0 a la 5.2.10, desde la versi\u00f3n 5.3.0 a la 5.3.6, desde la versi\u00f3n 5.4.0 a la 5.4.12, y desde la versi\u00f3n 6.0.0 a la 6.0.4, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo cross site scripting (XSS) en el par\u00e1metro applinkStartingUrl. El producto es usado como un complemento en varios productos de Atlassian donde se ven impactados los siguientes: Confluence anterior a la versi\u00f3n 6.15.2, Crucible before anterior a la versi\u00f3n 4.7.0, Crowd anterior a la versi\u00f3n 3.4.3, Fisheye anterior a la versi\u00f3n 4.7.0, Jira anterior a la versi\u00f3n 7.13.3 y versi\u00f3n 8.x anterior a 8.1.0."
    }
  ],
  "id": "CVE-2018-20239",
  "lastModified": "2024-11-21T04:01:08.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-30T16:29:00.247",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://ecosystem.atlassian.net/browse/APL-1373"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-58208"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CRUC-8379"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-5362"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/FE-7161"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-68855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://ecosystem.atlassian.net/browse/APL-1373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-58208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CRUC-8379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-5362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/FE-7161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-68855"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-20 18:15
Modified
2024-11-21 06:53
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
References
security@atlassian.comhttps://jira.atlassian.com/browse/BAM-21795Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/BSERV-13370Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-79476Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CRUC-8541Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CWD-5815Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/FE-7410Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/JRASERVER-73897Issue Tracking, Patch, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/JSDSERVER-11863Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/BAM-21795Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/BSERV-13370Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-79476Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CRUC-8541Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CWD-5815Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/FE-7410Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/JRASERVER-73897Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/JSDSERVER-11863Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
atlassian bamboo *
atlassian bamboo *
atlassian bamboo *
atlassian bamboo *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket *
atlassian bitbucket 8.0.0
atlassian bitbucket 8.1.0
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center 7.18.0
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server 7.18.0
atlassian crowd *
atlassian crowd *
atlassian crowd 5.0.0
atlassian crucible *
atlassian fisheye *
atlassian jira_data_center *
atlassian jira_data_center *
atlassian jira_data_center *
atlassian jira_server *
atlassian jira_server *
atlassian jira_server *
atlassian jira_service_desk *
atlassian jira_service_desk *
atlassian jira_service_management *
atlassian jira_service_management *
atlassian jira_service_management *
atlassian jira_service_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "218C960A-04C6-4242-BEBA-C81CF5F1F722",
              "versionEndExcluding": "7.2.10",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E360CDE0-FD1E-4337-8268-DB89CF605EE0",
              "versionEndExcluding": "8.0.9",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0913EE0-2046-4E7E-966D-DC894E34D12B",
              "versionEndExcluding": "8.1.8",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D182C1B1-A5FF-4777-9835-4E9114BB68DC",
              "versionEndExcluding": "8.2.4",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCD53E4-3169-4E8A-88D1-38BE51D09DD3",
              "versionEndExcluding": "7.6.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B878E40-95A7-40A7-9C52-6BC0C2FD3F54",
              "versionEndExcluding": "7.17.8",
              "versionStartIncluding": "7.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46305D5A-7F7B-4A04-9DAD-E582D1193A7E",
              "versionEndExcluding": "7.19.5",
              "versionStartIncluding": "7.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96B135B-9272-457E-A557-6566554262D3",
              "versionEndExcluding": "7.20.2",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62956861-BEDE-40C8-B628-C831087E7BDB",
              "versionEndExcluding": "7.21.2",
              "versionStartIncluding": "7.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A85565F-3F80-4E00-A706-AB4B2EAA4AFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E2E3C0-CDF0-4D79-80A6-85E71B947ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C543CA6-8E8A-476C-AB27-614DF4EC68A5",
              "versionEndExcluding": "7.4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FD913B-45DE-4CA8-9733-D62F54B19E74",
              "versionEndExcluding": "7.13.7",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E753EB-0D31-448B-B8DE-0A95434CC97C",
              "versionEndExcluding": "7.14.3",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE114494-74F0-454C-AAC4-8B8E5F1C67D0",
              "versionEndExcluding": "7.15.2",
              "versionStartIncluding": "7.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BB3572-29ED-415F-AD34-00EB76271F9C",
              "versionEndExcluding": "7.16.4",
              "versionStartIncluding": "7.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30EF756A-B4E9-4E5D-BE6F-02CE95F12C9C",
              "versionEndExcluding": "7.17.4",
              "versionStartIncluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56B6A10-E23F-49EF-8C07-1AEDFCAE2788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE8BE634-1599-4790-9410-6CA43BC60C4D",
              "versionEndExcluding": "7.4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E68DFD-48F5-4949-AFEA-3829CA5DFC04",
              "versionEndExcluding": "7.13.7",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCDEC6C-4515-4CAA-9D82-7BF68A3AAE7E",
              "versionEndExcluding": "7.14.3",
              "versionStartIncluding": "7.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9948F94-DF67-4E3C-8CD4-417D57FBC60F",
              "versionEndExcluding": "7.15.2",
              "versionStartIncluding": "7.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E63ECB-85A8-4D41-A9B5-9FFF18D9CDB1",
              "versionEndExcluding": "7.16.4",
              "versionStartIncluding": "7.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "694171BD-FAE2-472C-8183-04BCA2F7B9A7",
              "versionEndExcluding": "7.17.4",
              "versionStartIncluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC5E81B-DA4B-45E7-9584-4B576E49FD8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE028964-B3FC-4883-9967-68DE46EE7F6F",
              "versionEndExcluding": "4.3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57DC9E2A-4C89-420D-9330-F11E56BF2F83",
              "versionEndExcluding": "4.4.2",
              "versionStartIncluding": "4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C50A718F-C67B-4462-BB7E-F80408DEF07D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92329A2E-13E8-4818-85AB-3E7F479411EF",
              "versionEndExcluding": "4.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DDE751-CA88-4CFB-9E60-4243851B4B53",
              "versionEndExcluding": "4.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91B8507-A7A7-4B74-9999-F1DEA9F487A9",
              "versionEndExcluding": "8.13.22",
              "versionStartIncluding": "8.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "963AE427-2897-42CB-AE11-654D700E690B",
              "versionEndExcluding": "8.20.10",
              "versionStartIncluding": "8.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7CD8891-BB97-4AD3-BEE4-6CCA0D8A2D85",
              "versionEndExcluding": "8.22.4",
              "versionStartIncluding": "8.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73A5202-6114-48E6-8F9B-C03B2E707055",
              "versionEndExcluding": "8.13.22",
              "versionStartIncluding": "8.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22AB11D-1D73-45DC-803C-146EFED18CDA",
              "versionEndExcluding": "8.20.10",
              "versionStartIncluding": "8.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2091E9-0B14-4786-852F-454C56D20839",
              "versionEndExcluding": "8.22.4",
              "versionStartIncluding": "8.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "1451C219-8AAA-4165-AE2C-033EF7B6F93A",
              "versionEndExcluding": "4.13.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "BD23F987-0F14-4938-BB51-4EE61C24EB62",
              "versionEndExcluding": "4.13.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "39F77953-41D7-4398-9F07-2A057A993762",
              "versionEndExcluding": "4.20.10",
              "versionStartIncluding": "4.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "CADBE0E7-36D9-4F6F-BEE6-A1E0B9428C2A",
              "versionEndExcluding": "4.20.10",
              "versionStartIncluding": "4.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "DC0DB08B-2034-4691-A7B2-3E5F8B6318B1",
              "versionEndExcluding": "4.22.4",
              "versionStartIncluding": "4.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "97A17BE7-7CCC-46D8-A317-53E2B026DF6E",
              "versionEndExcluding": "4.22.4",
              "versionStartIncluding": "4.21.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en diversos productos de Atlassian permite a un atacante remoto no autenticado causar que sean invocados Filtros Servlet adicionales cuando la aplicaci\u00f3n procesa peticiones o respuestas. Atlassian ha confirmado y corregido el \u00fanico problema de seguridad conocido asociado a esta vulnerabilidad: Omisi\u00f3n de recursos de origen cruzado (CORS). El env\u00edo de una petici\u00f3n HTTP especialmente dise\u00f1ada puede invocar el filtro Servlet usado para responder a las peticiones CORS, resultando en una omisi\u00f3n de CORS. Un atacante que pueda enga\u00f1ar a un usuario para que solicite una URL maliciosa puede acceder a la aplicaci\u00f3n vulnerable con los permisos de la v\u00edctima. Est\u00e1n afectadas las versiones de Atlassian Bamboo anteriores a 8.0.9, desde la 8.1.0 anteriores a 8.1.8 y de la 8.2.0 anteriores a 8.2.4. Las versiones de Atlassian Bitbucket est\u00e1n afectadas anteriores a 7.6.16, desde la 7.7.0 anteriores a 7.17.8, desde la 7.18.0 anteriores a 7.19.5, desde la 7.20.0 anteriores a 7.20.2, desde la 7.21.0 anteriores a 7.21.2, y las versiones 8.0.0 y 8.1.0. Est\u00e1n afectadas las versiones de Atlassian Confluence anteriores a 7.4.17, desde la 7.5.0 anteriores a 7.13.7, desde la 7.14.0 anteriores a 7.14.3, desde la 7.15.0 anteriores a 7.15.2, desde la 7.16.0 anteriores a 7.16.4, desde la 7.17.0 anteriores a 7.17.4 y la versi\u00f3n 7.21.0. Est\u00e1n afectadas las versiones de Atlassian Crowd anteriores a 4.3.8, desde la 4.4.0 hasta 4.4.2, y la versi\u00f3n 5.0.0. Est\u00e1n afectadas las versiones de Atlassian Fisheye y Crucible anteriores a 4.8.10. Est\u00e1n afectadas las versiones de Atlassian Jira anteriores a 8.13.22, desde la 8.14.0 hasta 8.20.10, y desde la 8.21.0 hasta 8.22.4. Las versiones de Atlassian Jira Service Management est\u00e1n afectadas anteriores a 4.13.22, desde la 4.14.0 anteriores a 4.20.10, y desde la 4.21.0 anteriores a 4.22.4"
    }
  ],
  "id": "CVE-2022-26137",
  "lastModified": "2024-11-21T06:53:30.583",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-07-20T18:15:08.557",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BAM-21795"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BSERV-13370"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CRUC-8541"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-5815"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/FE-7410"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BAM-21795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BSERV-13370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CRUC-8541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-5815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/FE-7410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-180"
        }
      ],
      "source": "security@atlassian.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-15 01:15
Modified
2024-11-21 07:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
References
cve@mitre.orghttps://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1Exploit, Third Party Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DCE81E-3331-4AE9-802D-50B7D8DCDD84",
              "versionEndExcluding": "1.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system."
    },
    {
      "lang": "es",
      "value": "En el complemento Netic User Export anterior a 1.3.5 para Atlassian Confluence, la autorizaci\u00f3n se maneja mal. Un atacante no autenticado podr\u00eda acceder a archivos del sistema remoto."
    }
  ],
  "id": "CVE-2022-42978",
  "lastModified": "2024-11-21T07:25:43.767",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T01:15:13.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-31 15:15
Modified
2024-11-21 07:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
security@atlassian.comhttp://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@atlassian.comhttps://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907Issue Tracking, Mitigation, Vendor Advisory
security@atlassian.comhttps://jira.atlassian.com/browse/CONFSERVER-93142Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jira.atlassian.com/browse/CONFSERVER-93142Issue Tracking, Mitigation, Vendor Advisory
Impacted products
Vendor Product Version
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center *
atlassian confluence_data_center 8.6.0
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server *
atlassian confluence_server 8.6.0


To clipboard 

{
  "cisaActionDue": "2023-11-28",
  "cisaExploitAdd": "2023-11-07",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Improper Authorization Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B807590-F41A-4F12-87DF-698D83853191",
              "versionEndExcluding": "7.19.16",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65733215-581D-4F2A-B023-899386A4A59C",
              "versionEndExcluding": "8.3.4",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B04148-6AE0-4FD2-BD3D-B07A9E62F229",
              "versionEndExcluding": "8.4.4",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3660C634-0DB0-40B2-A905-1E00360A53FB",
              "versionEndExcluding": "8.5.3",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E3896A-C145-44DB-8370-9263A139765D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E147060-0403-4D4C-8E87-453077B4C4CE",
              "versionEndExcluding": "7.19.16",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FD0F88-133B-4421-8644-1948FDA2AA65",
              "versionEndExcluding": "8.3.4",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F459BB01-A089-4128-93AD-A71FE3B49E22",
              "versionEndExcluding": "8.4.4",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA741B1-9AA7-42F6-8F50-32FE732D25D5",
              "versionEndExcluding": "8.5.3",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E995F8F6-E9A6-4076-8AE8-38A28A5F58D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to\u00a0Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.\u00a0\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
    },
    {
      "lang": "es",
      "value": "Todas las versiones de Confluence Data Center y Server se ven afectadas por esta vulnerabilidad no explotada. No hay ning\u00fan impacto en la confidencialidad ya que un atacante no puede filtrar ning\u00fan dato de la instancia. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
    }
  ],
  "id": "CVE-2023-22518",
  "lastModified": "2024-11-21T07:44:58.213",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@atlassian.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-31T15:15:08.573",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-93142"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}