GCVE - cpe:2.3:a:atlassian:confluence_data_center:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:confluence_data_center:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Confluence Data Center (`1470b79f-f7cc-5d03-b22f-62dd24788ec7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-21686`	vulnerable	2026-06-03 14:54:50.491472	Details available HIGH (7.3) This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program. Published: 2024-07-16T20:00:02.156Z Updated: 2025-03-19T18:24:42.880Z Open on db.gcve.eu Reference links https://confluence.atlassian.com/pages/viewpage.action?pageId=1417150917 https://jira.atlassian.com/browse/CONFSERVER-96134	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-21677`	vulnerable	2026-06-03 14:54:50.466806	Details available HIGH (8.3) This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program. Published: 2024-03-19T17:00:00.486Z Updated: 2025-03-13T17:39:21.647Z Open on db.gcve.eu Reference links https://confluence.atlassian.com/pages/viewpage.action?pageId=1369444862 https://jira.atlassian.com/browse/CONFSERVER-94604	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-21673`	vulnerable	2026-06-03 14:54:50.454944	Details available HIGH (8) This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). Published: 2024-01-16T05:00:00.724Z Updated: 2025-06-03T18:47:43.178Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CONFSERVER-94065	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26138`	not_vulnerable	2026-06-03 14:46:41.728404	Details available The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app. Published: 2022-07-20T17:25:26.913Z Updated: 2026-01-12T21:22:06.527Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CONFSERVER-79483 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.