VDB

CVE-2022-46175

CVE-2022-46175 PUBLISHED CVSS 7.099999904632568 HIGH

This High severity json5 Dependency vulnerability was introduced in versions 5.9 of Confluence Data Center. This json5 Dependency vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center 9.1: Upgrade to a release greater than or equal to 9.1.0 See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Atlassian (Internal) program.

EPSS 42.30% · 97.5th percentile

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
EPSS Score
42.30%
97.5th percentile

Affected Products

VendorProductVersions
AtlassianBitbucket Data Center
AtlassianConfluence Server
AtlassianConfluence Data Center
AWSconfig
AtlassianBitbucket Server

Timeline

  • Dec 24, 2022 CVE Published
  • Dec 24, 2022 EPSS Score
  • Jan 4, 2023 EPSS Score
  • Aug 3, 2024 CVE Updated
  • Dec 17, 2024 EPSS Score
  • Mar 18, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 2, 2025 EPSS Score
  • Apr 14, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›