vulnerability
Atlassian Confluence: WebDAV and Widget Connector vulnerabilities (CVE-2019-3396)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 25, 2019 | Apr 12, 2019 | Sep 18, 2024 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 25, 2019
Added
Apr 12, 2019
Modified
Sep 18, 2024
Description
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
Solutions
atlassian-confluence-upgrade-6_12_3atlassian-confluence-upgrade-6_13_3atlassian-confluence-upgrade-6_14_2atlassian-confluence-upgrade-6_6_12
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.