CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-3395

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile13.63th
Published2019年3月25日
Last Modified2024年11月21日

Vulnerability Description

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

Affected Platforms (CPE)

📦
Atlassian

Confluence

< 6.6.12
📦
Atlassian

Confluence

>= 6.7.0 and < 6.12.3
📦
Atlassian

Confluence Server

>= 6.13.0 and < 6.13.3
📦
Atlassian

Confluence Server

>= 6.14.0 and < 6.14.2

References & Advisories

🔗 https://jira.atlassian.com/browse/CONFSERVER-57971
🔗 https://jira.atlassian.com/browse/CONFSERVER-57971

関連する脆弱性情報

CVE-2021-378439.8

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is k...

CVE-2019-33969.8

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 ...

CVE-2019-101009.8

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The at...

CVE-2021-260849.8

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica...