Atlassian Confluence Server Vulnerability for Remote Attackers
CVE-2020-4027

4.7MEDIUM

Key Information:

Vendor: Atlassian
Status: Confluence Server; Confluence Data Center
Vendor: CVE Published:; 1 July 2020

Summary

This vulnerability allowed remote attackers with system admin privileges to bypass velocity template injection mitigations through an injection flaw in custom user macros within Atlassian Confluence Server and Data Center. Affected versions include those prior to 7.4.5 and versions ranging from 7.5.0 to just under 7.5.1. Exploiting this vulnerability could lead to unauthorized actions that could compromise server integrity.

Affected Version(s)

Confluence Data Center < 7.4.5

Confluence Data Center 7.5.0

Confluence Data Center < 7.5.1

References

https://jira.atlassian.com/browse/CONFSERVER-59898

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Dec 30, 2019