Versions
< 6.13.0
8.9.0 to 8.9.5
>= 8.0.0
>= 8.5.1
>= 8.6.2
7.17.0
>= 8.3.0
>= 8.4.3
>= 8.0.2
8.4.0 to 8.4.5
>= 8.5.2
< 7.19.0
8.5.9 to 8.5.12
>= 8.7.1
>= 6.13.0
7.1.0
>= 7.13.7
>= 8.5.4
>= 2.7.0
>= 8.8.0
< 7.20.2
>= 7.19.16
< 8.0.0
>= 7.13.0
>= 7.19.20
7.7.0
8.8.0 to 8.8.1
>= 8.1.0
7.19.0 to 7.19.21
< 6.1.0
>= 7.14.0
>= 7.13.5
>= 8.0.3
< 4.0.0
7.15.0
>= 8.7.2
6.14.0
8.9.0
>= 8.4.0
8.7.1 to 8.7.2
>= 8.4.1
8.5.14
< 1.0.0
>= 8.3.3
>= 8.5.3
7.19.22 to 7.19.25
>= 8.4.4
< 2.7.0
>= 7.20.0
8.6.0 to 8.6.2
8.9.1 to 8.9.4
>= 8.3.2
>= 8.5.0
7.13.0
7.20.0 to 7.20.3
>= 7.19.8
>= 7.19.18
8.3.0 to 8.3.4
>= 6.1.0
>= 8.2.1
>= 8.2.0
8.5.0 to 8.5.8
next of 1.3.0
>= 8.6.0
>= 1.0.0
>= 4.0.0
8.5.0 to 8.5.12
7.14.0
>= 8.1.3
9.0.1 to 9.0.2
>= 7.19.0
>= 8.1.4
< 1.1.2
>= 8.2.2
>= 8.0.1
8.7.2
>= 8.5.7
7.18.0
8.1.0 to 8.1.4
7.19.26
7.12.0
>= 8.3.1
unspecified
>= 8.4.2
>= 7.20.2
>= 8.4.5
>= 8.8.1
>= 7.19.7
>= 8.5.5
>= 8.2.3
>= 7.19.17
< 7.13.0
>= 8.3.4
7.5.0
>= 1.1.2
8.7.1
>= 8.20.0
8.5.5 to 8.5.17
8.2.0 to 8.2.3
8.0.0 to 8.0.4
7.19.18 to 7.19.29
7.16.0
>= 8.6.1
>= 7.19.9
Recent CVEs
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot.
CVE-2024-21690
This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability, with a CVSS Score of 7.1, allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser and force a end user to execute unwanted actions on a web application in which they're currently authenticated which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.26 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.14 * Confluence Data Center and Server 9.0: Upgrade to a release greater than or equal to 9.0.1 See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.
CVE-2024-21686
This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.
CVE-2023-22522
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.