
Atlassian Confluence: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CVE-2020-4027)

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published: Jul 1, 2020
Added: Jul 10, 2020
Modified: Sep 18, 2024

Description

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass Velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are those before version 7.4.5, and from version 7.5.0 before 7.5.1.

Solution

atlassian-confluence-upgrade-7_5_1