← Voltar para CVEs
CVE-2019-3396
CRITICALCISA KEV9.8
Descricao
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/25/2019
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorAtlassian
ProdutoConfluence Server and Data Server
Nome da vulnerabilidadeAtlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Data inclusao KEV2021-11-03
Prazo de remediacao2022-05-03
Uso em ransomwareKnown
Produtos afetados
atlassian:confluence_server
Fraquezas (CWE)
CWE-22CWE-22
Referencias
http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html(security@atlassian.com)
http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html(security@atlassian.com)
http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector(security@atlassian.com)
https://jira.atlassian.com/browse/CONFSERVER-57974(security@atlassian.com)
https://www.exploit-db.com/exploits/46731/(security@atlassian.com)
http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector(af854a3a-2127-422b-91ae-364da2661108)
https://jira.atlassian.com/browse/CONFSERVER-57974(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46731/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.