Daniil Dmitriev

**Name of the Vulnerable Software and Affected Versions** Atlassian Confluence Server versions 6.6.0 through 6.6.11 Atlassian Confluence Server versions 6.7.0 through 6.12.2 Atlassian Confluence Server versions 6.13.0 through 6.13.2 Atlassian Confluence Server versions 6.14.0 through 6.14.1 **Description** The issue allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. This is due to incorrect restriction of the directory path name with limited access. The exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For versions 6.6.0 through 6.6.11, update to version 6.6.12 or later. For versions 6.7.0 through 6.12.2, update to version 6.12.3 or later. For versions 6.13.0 through 6.13.2, update to version 6.13.3 or later. For versions 6.14.0 through 6.14.1, update to version 6.14.2 or later.