CVE-2020-4027

CWE-743 documents3 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 64.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Confluence Data CenterAtlassian Confluence ServerAtlassian Confluence
Timeline
PublishedJul 1
Latest updateMay 24

Description

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages4 packages

CVEListV5atlassian/confluence_data_centerunspecified7.4.5+2
CVEListV5atlassian/confluence_serverunspecified7.4.5+2
NVDatlassian/confluence_server7.5.07.5.1

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-jp4c-chxh-7gcg: Atlassian Confluence Server and Data Center before version 72022-05-24
CVEList
CVE-2020-4027: Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity te2020-07-01
CVE-2020-4027 (MEDIUM CVSS 4.7) | Affected versions of Atlassian Conf | cvebase.io