Atlassian

Confluence Server

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2019-3398

Warnung Exploit
  • EPSS 94.01%
  • Veröffentlicht 18.04.2019 18:29:00
  • Zuletzt bearbeitet 24.10.2025 13:39:16

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admi...

10

CVE-2019-3396

Warnung Exploit
  • EPSS 94.47%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 24.10.2025 13:39:21

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from...

9.8

CVE-2019-3395

  • EPSS 13.61%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:01

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) al...

6.5

CVE-2018-20237

  • EPSS 0.55%
  • Veröffentlicht 13.02.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:08

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

7.5

CVE-2017-7415

Exploit
  • EPSS 1.09%
  • Veröffentlicht 27.04.2017 10:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

7.5

CVE-2016-6668

  • EPSS 1.32%
  • Veröffentlicht 23.01.2017 21:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers...

6.8

CVE-2012-6342

Exploit
  • EPSS 0.18%
  • Veröffentlicht 13.05.2014 14:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.

9.1

CVE-2012-2926

  • EPSS 56.38%
  • Veröffentlicht 22.05.2012 15:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before...

6.4

CVE-2012-2928

  • EPSS 1.93%
  • Veröffentlicht 22.05.2012 15:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (re...