Atlassian Confluence Server vulnerabilities

51 known vulnerabilities affecting atlassian/confluence_server.

Total CVEs: 51
CISA KEV: 8 (actively exploited)
Public exploits: 11
Exploited in wild: 8
Severity breakdown: CRITICAL 9, HIGH 22, MEDIUM 20

Vulnerabilities

Page 1 of 3
CVE-2025-22166 | HIGH | CVSS 8.3 | CWE-405 | ≥ 8.5.0, < 8.5.25; ≥ 9.2.0, < 9.2.7; +1 more | 2025-10-21
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. At
Source: nvd

CVE-2024-21703 | MEDIUM | CVSS 6.4 | CWE-732 | fixed in 7.19.18; ≥ 8.0.0, < 8.5.5 | 2024-11-27
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4, allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center confi
Source: nvd

CVE-2024-21690 | HIGH | CVSS 8.2 | CWE-79 | ≥ 7.19.0, ≤ 7.19.25; ≥ 7.20.0, ≤ 7.20.3; +17 more | 2024-08-21
This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability, with a CVSS Score of 7.1, allows an unauthe
Sources: cvelistv5, nvd

CVE-2024-21686 | HIGH | CVSS 8.7 | CWE-79 | fixed in 7.19.22; ≥ 7.20.0, < 8.5.9; +8 more | 2024-07-16
This High severity Stored XSS vulnerability was introduced in version 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, high impact to integrity, no impact to av
Sources: cvelistv5, nvd

CVE-2024-21683 | HIGH | CVSS 8.8 | PoC | CWE-94 | ≥ 7.19.0, < 7.19.24; ≥ 7.20.0, ≤ 7.20.3; +12 more | 2024-05-21
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availabi
Source: nvd

CVE-2024-21677 | HIGH | CVSS 8.8 | CWE-22 | ≥ 6.13.0, < 7.19.20; ≥ 7.20.0, < 8.5.7 | 2024-03-19
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires u
Source: nvd

CVE-2024-21678 | HIGH | CVSS 8.5 | CWE-79 | fixed in 7.19.19; ≥ 7.20.0, < 8.5.5 | 2024-02-20
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, low impact to integrity, no impact to availability,
Source: nvd

CVE-2023-22527 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-74 | ≥ 8.0.0, < 8.5.4; v>= 8.0.0; +8 more | 2024-01-16
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ulti
Sources: cvelistv5, nvd

CVE-2024-21672 | HIGH | CVSS 8.8 | CWE-94 | ≥ 7.19, < 7.19.18; ≥ 8.5.0, < 8.5.5; +10 more | 2024-01-16
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment suscept
Sources: cvelistv5, nvd

CVE-2023-22512 | HIGH | CVSS 7.5 | CWE-400 | ≥ 5.6, < 7.19.14; ≥ 8.0.0, < 8.5.1; +1 more | 2024-01-16
This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a vulnerable host (Confluence i
Sources: cvelistv5, nvd

CVE-2024-21673 | HIGH | CVSS 8.8 | CWE-94 | ≥ 7.19, < 7.19.18; ≥ 8.5.0, < 8.5.5; +11 more | 2024-01-16
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to e
Sources: cvelistv5, nvd

CVE-2023-22526 | HIGH | CVSS 8.8 | CWE-94 | ≥ 7.19, < 7.19.17; ≥ 8.5.0, < 8.5.5; +1 more | 2024-01-16
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, an
Source: nvd

CVE-2024-21674 | HIGH | CVSS 7.5 | CWE-94 | ≥ 7.19, < 7.19.18; ≥ 8.5.0, < 8.5.5; +10 more | 2024-01-16
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to
Sources: cvelistv5, nvd

CVE-2023-22522 | HIGH | CVSS 8.8 | CWE-74 | ≥ 4.0, < 7.19.17; ≥ 8.0.0, < 8.4.5; +5 more | 2023-12-06
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at ri
Sources: cvelistv5, nvd

CVE-2023-22518 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-863 | ≥ 1.0, < 7.19.16; ≥ 7.20.0, < 8.3.4; +4 more | 2023-10-31
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to
Sources: cvelistv5, nvd

CVE-2023-22515 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-20 | ≥ 8.0.0, < 8.3.3; ≥ 8.4.0, < 8.4.3; +19 more | 2023-10-04
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affect
Sources: cvelistv5, nvd

CVE-2023-22508 | HIGH | CVSS 8.8 | ≥ 6.1.0, < 7.13.20; ≥ 7.14.0, < 7.19.8; +2 more | 2023-07-18
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high imp
Sources: cvelistv5, nvd

CVE-2023-22505 | HIGH | CVSS 8.8 | ≥ 8.0.0, < 8.3.2; v>= 8.0.0 | 2023-07-18
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impa
Sources: cvelistv5, nvd

CVE-2023-22504 | MEDIUM | CVSS 6.5 | CWE-434 | fixed in 7.13.17; ≥ 7.14.0, < 7.19.9; +4 more | 2023-05-25
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
Sources: cvelistv5, nvd

CVE-2023-22503 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 7.13.15; ≥ 7.14.0, < 7.19.7; +2 more | 2023-05-01
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. Th
Sources: cvelistv5, nvd