vulnerability
Atlassian Confluence: WebDAV and Widget Connector vulnerabilities (CVE-2019-3396)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 25, 2019 | Apr 12, 2019 | Sep 18, 2024 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 25, 2019
Added
Apr 12, 2019
Modified
Sep 18, 2024
Description
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
Solution(s)
atlassian-confluence-upgrade-6_12_3atlassian-confluence-upgrade-6_13_3atlassian-confluence-upgrade-6_14_2atlassian-confluence-upgrade-6_6_12
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.