Atlassian Confluence Data Center 8.7.0
Approved changes feed: RSS · Atom
cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*
part: a version: 8.7.0 update: *
| Vendor | Atlassian (8acde0d4-2b83-5bd8-8d3f-60d59e0b022e) |
|---|---|
| Product | Confluence Data Center (1470b79f-f7cc-5d03-b22f-62dd24788ec7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-21677 |
vulnerable | 2026-06-03 14:54:50.459733 |
Details available
HIGH (8.3)
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version.
If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.
This vulnerability was reported via our Bug Bounty program.
Published: 2024-03-19T17:00:00.486Z
Updated: 2025-03-13T17:39:21.647Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22527 |
vulnerable | 2026-06-03 14:49:19.539346 |
Details available
CRITICAL (10)
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.
Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Published: 2024-01-16T05:00:00.692Z
Updated: 2025-10-21T23:05:28.527Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22522 |
vulnerable | 2026-06-03 14:49:19.527882 |
Details available
CRITICAL (9)
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Published: 2023-12-06T05:00:02.870Z
Updated: 2026-02-25T16:52:11.981Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.