FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2024-01-24 | CVE-2023-22527 | critical | ⚡RCE ⌖KEV | 95 | Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. |
| 2022-06-02 | CVE-2022-26134 | critical | ⚡RCE ◐0day ⌖KEV | 95 | Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. |
| 2021-11-03 | CVE-2019-3396 | critical | ⚡RCE ⌖KEV | 95 | Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. |
| 2021-11-03 | CVE-2021-26084 | critical | ⚡RCE ⌖KEV | 95 | Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. |
| 2021-11-03 | CVE-2019-11580 | critical | ⚡RCE ⌖KEV | 95 | Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. |
| 2023-11-07 | CVE-2023-22518 | critical | ⌖KEV | 80 | Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data. |
| 2023-10-05 | CVE-2023-22515 | critical | ⌖KEV | 80 | Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. |
| 2022-03-28 | CVE-2021-26085 | critical | ⌖KEV | 80 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. |
| 2022-09-30 | CVE-2022-36804 | high | ⚡RCE ⌖KEV | 65 | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request. |
| 2022-03-07 | CVE-2019-11581 | high | ⚡RCE ⌖KEV | 65 | Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. |
| 2021-11-03 | CVE-2019-3398 | high | ⚡RCE ⌖KEV | 65 | Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution. |
| 2024-11-12 | CVE-2021-26086 | high | ⌖KEV | 50 | Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint. |
| 2022-07-29 | CVE-2022-26138 | high | ⌖KEV | 50 | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group. |