Vulnerabilities > Atlassian > Confluence > 6.12.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2020-4027 | Injection vulnerability in Atlassian Confluence Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. | 4.7 |
| 2020-02-06 | CVE-2019-20406 | Uncontrolled Search Path Element vulnerability in Atlassian Confluence The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. | 7.8 |
| 2019-12-19 | CVE-2019-15006 | Improper Control of Dynamically-Managed Code Resources vulnerability in Atlassian Confluence and Confluence Server There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. | 6.5 |
| 2019-11-08 | CVE-2019-15005 | Missing Authorization vulnerability in Atlassian products The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. | 4.3 |
| 2019-08-29 | CVE-2019-3394 | Path Traversal vulnerability in Atlassian Confluence There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. | 8.8 |