Atlassian Confluence Server/Data Center up to 6.15.1 downloadallattachments directory traversal

A vulnerability was found in Atlassian Confluence Server and Data Center up to 6.15.1. It has been classified as critical. This affects code of the file downloadallattachments. The manipulation with an unknown input leads to a directory traversal vulnerability (Code Execution). CWE is classifying the issue as CWE-22. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was published 04/18/2019. This vulnerability is uniquely identified as CVE-2019-3398 since 12/19/2018. It is possible to initiate the attack remotely. Technical details are known, but no exploit is available.

Upgrading to version 6.15.2 eliminates this vulnerability.

Vendor

• Atlassian

Name

• Confluence Server
• Data Center

• ?
• ?
• ?

• ?
• ?
• ?

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: ?
VulDB Reliability: ?

VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Directory traversal / Code Execution (CWE-22)
Local: No
Remote: Yes

Availability: ?
Status: Not defined

Price Prediction: ?
Current Price Estimation: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?
0-Day Time: ?

Upgrade: Confluence Server/Data Center 6.15.2

12/19/2018 CVE assigned
04/18/2019 +120 days Advisory disclosed
04/19/2019 +1 days VulDB entry created
04/19/2019 +0 days VulDB last updateCVE: CVE-2019-3398 (?)Created: 04/19/2019 07:20 AM
Complete: ?

Comments

Comments are closed.