CVE-2020-4027 is a vulnerability in Atlassian Confluence
Published on July 1, 2020
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1.
Products Associated with CVE-2020-4027
Want to know whenever a new CVE is published for Atlassian Confluence? stack.watch will email you.
Affected Versions
Atlassian Confluence Server:- Version unspecified and below 7.4.5 is affected.
- Version 7.5.0 and below unspecified is affected.
- Version unspecified and below 7.5.1 is affected.
- Version unspecified and below 7.4.5 is affected.
- Version 7.5.0 and below unspecified is affected.
- Version unspecified and below 7.5.1 is affected.
Exploit Probability
EPSS
0.15%
Percentile
35.01%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.