CONFSERVER-59898

Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027

    Details

      Description

      Atlassian Confluence Server and Data Center before version 7.5.1 allowed remote attackers with system administration permissions to bypass Velocity template injection mitigations via an injection vulnerability in custom user macros.

      This issue was discovered and reported by GHSL team member @pwntester (Alvaro Munoz).

      Affected versions:

      • version < 7.5.1

      Fixed versions:

      • 7.5.1

              People

              Assignee:
              Unassigned
              Reporter:
              security-metrics-bot Security Metrics Bot