← Voltar para CVEs

CVE-2019-3398

HIGHCISA KEV

8.8

Descricao

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado4/18/2019

Ultima modificacao10/24/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorAtlassian

ProdutoConfluence Server and Data Center

Nome da vulnerabilidadeAtlassian Confluence Server and Data Center Path Traversal Vulnerability

Data inclusao KEV2021-11-03

Prazo de remediacao2022-05-03

Uso em ransomwareUnknown

Produtos afetados

atlassian:confluence_server

Fraquezas (CWE)

CWE-22CWE-22

Referencias

http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html(security@atlassian.com)

http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html(security@atlassian.com)

http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html(security@atlassian.com)

http://www.securityfocus.com/bid/108067(security@atlassian.com)

https://jira.atlassian.com/browse/CONFSERVER-58102(security@atlassian.com)

https://seclists.org/bugtraq/2019/Apr/33(security@atlassian.com)

http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/108067(af854a3a-2127-422b-91ae-364da2661108)

https://jira.atlassian.com/browse/CONFSERVER-58102(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Apr/33(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.