Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-57971

SSRF via WebDAV endpoint - CVE-2019-3395

    XMLWordPrintable

    Details

      Description

      There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance.

       

      Affected versions:

      • All versions of Confluence Server and Confluence Data Center before version 6.6.7, from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x).

       

      Fix:

       

      For additional details, see the full advisory: https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2019-03-20

       

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                24 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved:
                  Last commented:
                  18 weeks, 4 days ago