CVE-2020-4027

Summary

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Serverunspecified < 7.4.5affected
AtlassianConfluence Server7.5.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 7.5.1affected
AtlassianConfluence Data Centerunspecified < 7.4.5affected
AtlassianConfluence Data Center7.5.0 < unspecifiedaffected
AtlassianConfluence Data Centerunspecified < 7.5.1affected

Weaknesses

  • Injection

ADP Enrichment

CVE Program Container

Additional References

References