CyberSec.Space Logo
Back to CVE Browser

CVE-2019-3395

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile13.63th
PublishedMar 25, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

Affected Platforms (CPE)

πŸ“¦
Atlassian

Confluence

< 6.6.12
πŸ“¦
Atlassian

Confluence

>= 6.7.0 and < 6.12.3
πŸ“¦
Atlassian

Confluence Server

>= 6.13.0 and < 6.13.3
πŸ“¦
Atlassian

Confluence Server

>= 6.14.0 and < 6.14.2

References & Advisories

πŸ”— https://jira.atlassian.com/browse/CONFSERVER-57971
πŸ”— https://jira.atlassian.com/browse/CONFSERVER-57971

Related Vulnerabilities

CVE-2021-378439.8

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is k...

CVE-2019-33969.8

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 ...

CVE-2019-101009.8

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The at...

CVE-2021-260849.8

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica...