CVE-2020-4027

Name of the Vulnerable Software and Affected Versions Atlassian Confluence Server and Data Center versions prior to 7.4.5 Atlassian Confluence Server and Data Center versions 7.5.0 through 7.5.0

Description The issue allows remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros.

Recommendations For versions prior to 7.4.5, update to version 7.4.5 or later. For version 7.5.0, update to version 7.5.1 or later. As a temporary workaround, consider restricting access to custom user macros until a patch is available.