Published on April 22nd, 2019 📆 | 6095 Views ⚑
0Atlassian Confluence Server/Data Center up to 6.15.1 downloadallattachments directory traversal
CVSS Meta Temp Score | Current Exploit Price (≈) |
---|---|
6.0 | $0-$5k |
A vulnerability was found in Atlassian Confluence Server and Data Center up to 6.15.1. It has been classified as critical. This affects code of the file downloadallattachments. The manipulation with an unknown input leads to a directory traversal vulnerability (Code Execution). CWE is classifying the issue as CWE-22. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 04/18/2019. This vulnerability is uniquely identified as CVE-2019-3398 since 12/19/2018. It is possible to initiate the attack remotely. Technical details are known, but no exploit is available.
Upgrading to version 6.15.2 eliminates this vulnerability.
Vendor
Name
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: ?
VulDB Reliability: ?
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
? | ? | ? | ? | ? | ? |
? | ? | ? | ? | ? | ? |
? | ? | ? | ? | ? | ? |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Directory traversal / Code Execution (CWE-22)
Local: No
Remote: Yes
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?
0-Day Time: ?
Upgrade: Confluence Server/Data Center 6.15.2
12/19/2018 CVE assigned
04/18/2019 Advisory disclosed
04/19/2019 VulDB entry created
04/19/2019 VulDB last updateCVE: CVE-2019-3398 (?)Created: 04/19/2019 07:20 AM
Complete: ?
Comments
Enable the mail alert feature now!
https://vuldb.com/?id.133845
No comments yet. Please log in to comment.