TROYANOSYVIRUS

CVE-2019-3396

CRITICAL | CISA KEV | 9.8

Description

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

CVE Details

CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/25/2019
Last modified: 10/24/2025
Source: kev
Honeypot observations: 0

CISA KEV

Vendor: Atlassian
Product: Confluence Server and Data Server
Vulnerability name: Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Date added to KEV: 2021-11-03
Remediation due date: 2022-05-03
Used in ransomware: Known

Affected products

atlassian:confluence_server

Weaknesses (CWE)

CWE-22

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.