Atlassian Confluence Server Vulnerability for Remote Attackers
CVE-2020-4027

4.7MEDIUM

Key Information:

Vendor: Atlassian
Status: Confluence Server; Confluence Data Center
Vendor: CVE Published:; 1 July 2020

What is CVE-2020-4027?

This vulnerability allowed remote attackers with system admin privileges to bypass velocity template injection mitigations through an injection flaw in custom user macros within Atlassian Confluence Server and Data Center. Affected versions include those prior to 7.4.5 and versions ranging from 7.5.0 to just under 7.5.1. Exploiting this vulnerability could lead to unauthorized actions that could compromise server integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Confluence Data Center < 7.4.5

Confluence Data Center 7.5.0

Confluence Data Center < 7.5.1

References

https://jira.atlassian.com/browse/CONFSERVER-59898

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Dec 30, 2019

JSON

Atlassian