cbcvebase.

Atlassian Confluence Data Center vulnerabilities

59 known vulnerabilities affecting atlassian/confluence_data_center.

Total CVEs: 59
CISA KEV: 6 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: CRITICAL 6, HIGH 37, MEDIUM 15, LOW 1

Vulnerabilities

Page 1 of 3
CVE-2025-22166 | HIGH | CVSS 8.3 | ≥ 8.5.0, < 8.5.25; ≥ 9.2.0, < 9.2.7; +13 more | 2025-10-21
CVE-2025-22166 [HIGH] CWE-405: This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. At
nvd
CVE-2024-21703 | MEDIUM | CVSS 6.4 | fixed in 7.19.18; ≥ 8.5, < 8.5.5; +2 more | 2024-11-27
CVE-2024-21703 [MEDIUM] CWE-732: This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center confi
nvd
CVE-2024-4068 | HIGH | CVSS 9.1 | 2024-11-19
CVE-2024-4068 [HIGH]: 9.1.0, 9.0.1 to 9.0.3, 8.9.0 to 8.9.7, 8.8.0 to 8.8.1, 8.7.1 to 8.7.2, 8.6.0 to 8.6.2, 8.5.0 to 8.5.16 (LTS), 8.4.0 to 8.4.5, 8.3.0 to 8.3.4, 8.2.0 to 8.2.3, 8.1.0 to 8.1.4, 8.0.0 to 8.0.4, 7.20.3, 7.19.4 to 7.19.28 (LT
atlassian
CVE-2022-38900 | HIGH | CVSS 7.5 | 2024-11-19
CVE-2022-38900 [HIGH]: DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center. CVE: CVE-2022-38900. Affected products: Confluence Data Center
atlassian
CVE-2024-38816 | HIGH | CVSS 7.5 | PoC | 2024-11-19
CVE-2024-38816 [HIGH]: Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server. CVE: CVE-2024-38816. Affected products: Confluence Data Center
atlassian
CVE-2023-46234 | MEDIUM | CVSS 7.5 | 2024-11-19
CVE-2023-46234 [MEDIUM]: BASM (Broken Authentication & Session Management) browserify-sign Dependency in Confluence Data Center. CVE: CVE-2023-46234. Affected products: Confluence Data Center
atlassian
CVE-2024-21690 | HIGH | CVSS 8.2 | ≥ 7.19.0, ≤ 7.19.25; ≥ 7.20.0, ≤ 7.20.3; +21 more | 2024-08-21
CVE-2024-21690 [HIGH] CWE-79: This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability, with a CVSS Score of 7.1, allows an unauthe
nvd
CVE-2024-21686 | HIGH | CVSS 8.7 | fixed in 7.19.22; ≥ 7.20.0, < 8.5.9; +13 more | 2024-07-16
CVE-2024-21686 [HIGH] CWE-79: This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, high impact to integrity, no impact to av
nvd, atlassian
CVE-2021-36090 | HIGH | CVSS 8.9 | 2024-07-16
CVE-2021-36090 [HIGH]: 8.9.0 to 8.9.3, 8.8.0 to 8.8.1, 8.7.1 to 8.7.2, 8.6.0 to 8.6.2, 8.5.0 to 8.5.11 (LTS), 8.4.0 to 8.4.5, 8.3.0 to 8.3.4, 8.2.0 to 8.2.3, 8.1.0 to 8.1.4, 8.0.0 to 8.0.4, 7.20.0 to 7.20.3, 7.19.0 to 7.19.24 (LTS). CVE:
atlassian
CVE-2021-35516 | HIGH | CVSS 7.5 | 2024-07-16
CVE-2021-35516 [HIGH]: DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server. CVE: CVE-2021-35516. Affected products: Confluence Data Center
atlassian
CVE-2021-35517 | HIGH | CVSS 7.5 | 2024-07-16
CVE-2021-35517 [HIGH]: DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server. CVE: CVE-2021-35517. Affected products: Confluence Data Center
atlassian
CVE-2019-12402 | HIGH | CVSS 7.5 | 2024-07-16
CVE-2019-12402 [HIGH]: DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server. CVE: CVE-2019-12402. Affected products: Confluence Data Center
atlassian
CVE-2021-35515 | HIGH | CVSS 7.5 | 2024-07-16
CVE-2021-35515 [HIGH]: DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server. CVE: CVE-2021-35515. Affected products: Confluence Data Center
atlassian
CVE-2023-22025 | LOW | CVSS 7.4 | 2024-07-16
CVE-2023-22025 [LOW]: CVE-2023-22025, CVE-2023-22081, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094. CVE: CVE-2023-22025. Affecte
atlassian
CVE-2024-21683 | HIGH | CVSS 8.8 | PoC | ≥ 7.19.0, < 7.19.24; ≥ 7.20.0, ≤ 7.20.3; +24 more | 2024-05-21
CVE-2024-21683 [HIGH] CWE-94: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availabi
nvd
CVE-2024-21677 | HIGH | CVSS 8.8 | ≥ 6.13.0, < 7.19.20; ≥ 7.20.0, < 8.5.7; +13 more | 2024-03-19
CVE-2024-21677 [HIGH] CWE-22: This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires u
nvd, atlassian
CVE-2023-41835 | HIGH | CVSS 2.0 | 2024-02-20
CVE-2023-41835 [HIGH]: DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Confluence Data Center and Server. CVE: CVE-2023-41835. Affected products: Confluence Data Center
atlassian
CVE-2024-21678 | HIGH | CVSS 8.5 | fixed in 7.19.19; ≥ 7.20.0, < 8.5.5; +13 more | 2024-02-20
CVE-2024-21678 [HIGH] CWE-79: This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, low impact to integrity, no impact to availability,
nvd, atlassian
CVE-2023-22527 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 8.0.0, < 8.5.4; v8.7.0; +9 more | 2024-01-16
CVE-2023-22527 [CRITICAL] CWE-74: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ulti
nvd, atlassian
CVE-2024-21673 | HIGH | CVSS 8.8 | ≥ 7.19.0, < 7.19.18; ≥ 8.5.0, < 8.5.5; +11 more | 2024-01-16
CVE-2024-21673 [HIGH] CWE-94: This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to e
nvd, atlassian