CVE-2019-3398
Last modified
CVE-2019-3398 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. CISA has confirmed active exploitation in the wild. EPSS estimates a 97.15% chance of exploitation in the next 30 days.
Description
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Confluence Server | >= 2.0, < 6.6.13 |
| Atlassian | Confluence Server | >= 6.7.0, < 6.12.4 |
| Atlassian | Confluence Server | >= 6.13.0, < 6.13.4 |
| Atlassian | Confluence Server | >= 6.14.0, < 6.14.3 |
| Atlassian | Confluence Server | >= 6.15.0, < 6.15.2 |
References
- http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.htmlExploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.htmlThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/108067Broken Link, Third Party Advisory, VDB Entry
- https://jira.atlassian.com/browse/CONFSERVER-58102Issue Tracking, Patch, Vendor Advisory
- https://seclists.org/bugtraq/2019/Apr/33Mailing List, Third Party Advisory
- http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.htmlExploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.htmlThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/108067Broken Link, Third Party Advisory, VDB Entry
- https://jira.atlassian.com/browse/CONFSERVER-58102Issue Tracking, Patch, Vendor Advisory
- https://seclists.org/bugtraq/2019/Apr/33Mailing List, Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2019-3398?
How severe is CVE-2019-3398?
How do I fix CVE-2019-3398?
Are you affected by CVE-2019-3398?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST