{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T19:23:20.844","vulnerabilities":[{"cve":{"id":"CVE-2020-4027","sourceIdentifier":"security@atlassian.com","published":"2020-07-01T02:15:12.350","lastModified":"2024-11-21T05:32:10.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1."},{"lang":"es","value":"Las versiones afectadas de Atlassian Confluence Server y Data Center permitían a los atacantes remotos con permisos de administración del sistema saltarse las mitigaciones de inyección de plantillas de velocidad a través de una vulnerabilidad de inyección en las macros de usuario personalizadas. Las versiones afectadas son anteriores a la versión 7.4.5, y desde la versión 7.5.0 hasta la versión 7.5.1"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*","versionEndExcluding":"7.4.5","matchCriteriaId":"5BA01DD0-D61B-4307-8829-06BECB697AE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.5.0","versionEndExcluding":"7.5.1","matchCriteriaId":"32D81366-EB40-4F36-B19B-18DEC20953F1"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/CONFSERVER-59898","source":"security@atlassian.com","tags":["Issue Tracking","Patch","Release Notes","Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-59898","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes","Vendor Advisory"]}]}}]}