CVE-2020-4027 — MEDIUM (4.7)

Q: How severe is CVE-2020-4027?

CVE-2020-4027 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-4027?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence, Atlassian Confluence Server.

Vulnerability Description

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Atlassian	Confluence	< 7.4.5
Atlassian	Confluence Server	>= 7.5.0, < 7.5.1

Related Weaknesses (CWE)

CWE-74

References

https://jira.atlassian.com/browse/CONFSERVER-59898Issue TrackingPatchRelease Notes
https://jira.atlassian.com/browse/CONFSERVER-59898Issue TrackingPatchRelease Notes

FAQ

What is CVE-2020-4027?

CVE-2020-4027 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vuln...

How severe is CVE-2020-4027?

CVE-2020-4027 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4027?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence, Atlassian Confluence Server.