CVSS: 8.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-21678
https://notcve.org/view.php?id=CVE-2024-21678
20 Feb 2024 — This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21682
https://notcve.org/view.php?id=CVE-2024-21682
20 Feb 2024 — This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you ma... • https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2023-22512
https://notcve.org/view.php?id=CVE-2023-22512
16 Jan 2024 — To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a vulnerable host (Confluence instance) connected to a network, which has no impact to c... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22514
https://notcve.org/view.php?id=CVE-2023-22514
16 Jan 2024 — To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to i... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1299929380 •
CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 0CVE-2024-21673
https://notcve.org/view.php?id=CVE-2024-21673
16 Jan 2024 — This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian r... • https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2024-21672
https://notcve.org/view.php?id=CVE-2024-21672
16 Jan 2024 — This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian ... • https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 94%CPEs: 3EXPL: 28CVE-2023-22527 – Atlassian Confluence Data Center and Server Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-22527
16 Jan 2024 — A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances f... • https://packetstorm.news/files/id/179520 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.6EPSS: 2%CPEs: 6EXPL: 0CVE-2024-21674
https://notcve.org/view.php?id=CVE-2024-21674
16 Jan 2024 — This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian reco... • https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22526
https://notcve.org/view.php?id=CVE-2023-22526
16 Jan 2024 — This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your ... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 34%CPEs: 8EXPL: 0CVE-2023-22522
https://notcve.org/view.php?id=CVE-2023-22522
06 Dec 2023 — This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence s... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •