← Volver a CVEs

CVE-2019-3398

HIGHCISA KEV

8.8

Descripcion

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.

Detalles CVE

Puntuacion CVSS v3.18.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado4/18/2019

Ultima modificacion10/24/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorAtlassian

ProductoConfluence Server and Data Center

Nombre vulnerabilidadAtlassian Confluence Server and Data Center Path Traversal Vulnerability

Fecha inclusion KEV2021-11-03

Fecha limite remediacion2022-05-03

Uso en ransomwareUnknown

Productos afectados

atlassian:confluence_server

Debilidades (CWE)

CWE-22CWE-22

Referencias

http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html(security@atlassian.com)

http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html(security@atlassian.com)

http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html(security@atlassian.com)

http://www.securityfocus.com/bid/108067(security@atlassian.com)

https://jira.atlassian.com/browse/CONFSERVER-58102(security@atlassian.com)

https://seclists.org/bugtraq/2019/Apr/33(security@atlassian.com)

http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/108067(af854a3a-2127-422b-91ae-364da2661108)

https://jira.atlassian.com/browse/CONFSERVER-58102(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Apr/33(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.