Details
-
Bug
-
Resolution: Fixed
-
Highest
-
6.1.3, 6.7.3, 6.8.3
-
Severity 1 - Critical
-
Description
There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance.
Affected versions:
- All versions of Confluence Server and Confluence Data Center before version 6.6.7, from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x).
Fix:
- Confluence Server version 6.15.1 is available for download from https://www.atlassian.com/software/confluence/download.
- Confluence Server version 6.14.2 is available for download from https://www.atlassian.com/software/confluence/download-archives.
- Confluence Server version 6.13.3 is available for download from https://www.atlassian.com/software/confluence/download-archives.
- Confluence Server version 6.12.3 is available for download from https://www.atlassian.com/software/confluence/download-archives.
- Confluence Server version 6.6.12 is available for download from https://www.atlassian.com/software/confluence/download-archives.
For additional details, see the full advisory: https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2019-03-20
Attachments
Issue Links
- causes
-
CONFSERVER-58070 Disabling WebDAV add-on will disable Office connector add-on.
- Closed
- relates to
-
-
- Closed
-
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-