← Retour aux CVEs

CVE-2019-3398

HIGHCISA KEV

8.8

Description

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie4/18/2019

Derniere modification10/24/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurAtlassian

ProduitConfluence Server and Data Center

Nom vulnerabiliteAtlassian Confluence Server and Data Center Path Traversal Vulnerability

Date ajout KEV2021-11-03

Date limite remediation2022-05-03

Utilise dans ransomwareUnknown

Produits affectes

atlassian:confluence_server

Faiblesses (CWE)

CWE-22CWE-22

References

http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html(security@atlassian.com)

http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html(security@atlassian.com)

http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html(security@atlassian.com)

http://www.securityfocus.com/bid/108067(security@atlassian.com)

https://jira.atlassian.com/browse/CONFSERVER-58102(security@atlassian.com)

https://seclists.org/bugtraq/2019/Apr/33(security@atlassian.com)

http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/108067(af854a3a-2127-422b-91ae-364da2661108)

https://jira.atlassian.com/browse/CONFSERVER-58102(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Apr/33(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.