Multiple Atlassian products could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass Servlet Filters.
Atlassian Confluence Server and Data Center contains default hardcoded passwords. A remote attacker could exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.
Refer to Atlassian Security Advisory for patch, upgrade or suggested workaround information.