Vulnerabilities > Atlassian > Confluence Server > 7.2.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-06-03 | CVE-2022-26134 | Expression Language Injection vulnerability in Atlassian Confluence Data Center | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | network, low complexity, atlassian, CWE-917, critical, 9.8 |
| 2022-04-05 | CVE-2021-39114 | Code Injection vulnerability in Atlassian Confluence Data Center and Confluence Server | Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. | network, low complexity, atlassian, CWE-94, 8.8 |
| 2022-02-15 | CVE-2021-43940 | Uncontrolled Search Path Element vulnerability in Atlassian Confluence Data Center | Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. | local, low complexity, atlassian, CWE-427, 7.8 |
| 2021-08-30 | CVE-2021-26084 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | network, low complexity, atlassian, CWE-917, critical, 9.8 |
| 2021-08-03 | CVE-2021-26085 | Forced Browsing vulnerability in Atlassian Confluence Server | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. | network, low complexity, atlassian, CWE-425, 5.3 |
| 2021-05-07 | CVE-2020-29444 | Cross-site Scripting vulnerability in Atlassian Confluence Server | Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. | network, low complexity, atlassian, CWE-79, 5.4 |
| 2021-05-07 | CVE-2020-29445 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence Server | Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. | network, low complexity, atlassian, CWE-918, 4.3 |
| 2021-02-22 | CVE-2020-29448 | Unspecified vulnerability in Atlassian Confluence Server | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | network, low complexity, atlassian, 5.3 |
| 2020-07-24 | CVE-2020-14175 | Cross-site Scripting vulnerability in Atlassian Confluence Server | Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. | network, low complexity, atlassian, CWE-79, 5.4 |