[CONFSERVER-57974] Remote code execution via Widget Connector macro - CVE-2019-3396 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.6.12, 6.13.3, 6.14.2, 6.12.3, 6.10.3, 6.15.1
Affects Version/s: 6.6.0, 6.7.0, 6.8.0, 6.9.0, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.14.0, 6.14.1
Component/s: Macros - Widget Connector
Labels:

Fixed in Long Term Support Release/s:

Download 6.6, 6.13
Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

There was a server-side template injection vulnerability in Confluence Server and Data Center, in the Widget Connector. An attacker is able to exploit this issue to achieve path traversal and remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.

Affected versions:

All versions of Confluence Server and Confluence Data Center before version 6.6.12, from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x) and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x).

Fix:

Confluence Server version 6.15.1 is available for download from https://www.atlassian.com/software/confluence/download.
Confluence Server version 6.14.2 is available for download from https://www.atlassian.com/software/confluence/download-archives.
Confluence Server version 6.13.3 is available for download from https://www.atlassian.com/software/confluence/download-archives.
Confluence Server version 6.12.3 is available for download from https://www.atlassian.com/software/confluence/download-archives.
Confluence Server version 6.6.12 is available for download from https://www.atlassian.com/software/confluence/download-archives.

For additional details, see the full advisory: https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2019-03-20

is related to

CONFSERVER-57971 SSRF via WebDAV endpoint - CVE-2019-3395

Closed

mentioned in: Confluence Security Advisory - 2019-03-20; Page Failed to load; Page Failed to load; Page Failed to load; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(8 mentioned in)

Matt Jones made changes - 02/Jul/2024 12:15 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 922344 ]

Eric Franklin (Inactive) made changes - 13/Dec/2023 5:37 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 847668 ]

Eric Franklin (Inactive) made changes - 08/Dec/2023 8:28 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 846203 ]

set-jac-bot made changes - 22/May/2020 8:24 AM

Fixed in Enterprise Release/s

New: [Download 6.6, 6.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Duy Truong Luong made changes - 06/May/2020 12:02 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 482312 ]

Said made changes - 17/Feb/2020 5:15 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 471327 ]

Richard Atkins made changes - 05/Dec/2019 1:30 AM

Labels

Original: CVE-2019-3396 advisory advisory-released bugbounty cvss-critical security template-injection

New: CVE-2019-3396 advisory advisory-released bugbounty cvss-critical injection security template-injection

David Black made changes - 12/Aug/2019 3:01 AM

Labels

Original: CVE-2019-3396 advisory advisory-to-release bugbounty cvss-critical security template-injection

New: CVE-2019-3396 advisory advisory-released bugbounty cvss-critical security template-injection

nma (Inactive) made changes - 25/Jul/2019 3:57 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 438908 ]

Quan Pham added a comment - 06/Jun/2019 1:50 AM

A fix for this issue is available to Server and Data Center customers in Confluence 6.10.3
Upgrade now or check out the Release Notes to see what other issues are resolved.

If you're running the Confluence 6.6 Enterprise release, a fix for this issue is now available in Confluence 6.6.14, which you can find in the Download Archives.

If you're running the Confluence 6.13 Enterprise release, a fix for this issue is now available in Confluence 6.13.5, which you can find in the Download Archives.

Quan Pham added a comment - 06/Jun/2019 1:50 AM A fix for this issue is available to Server and Data Center customers in Confluence 6.10.3 Upgrade now or check out the Release Notes to see what other issues are resolved. If you're running the Confluence 6.6 Enterprise release, a fix for this issue is now available in Confluence 6.6.14, which you can find in the Download Archives . If you're running the Confluence 6.13 Enterprise release, a fix for this issue is now available in Confluence 6.13.5, which you can find in the Download Archives .

Assignee:: Duy Truong Luong

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 34 Start watching this issue

Created:: 28/Feb/2019 3:02 AM

Updated:: 02/Jul/2024 12:15 AM

Resolved:: 05/Mar/2019 8:22 AM

Confluence Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[CONFSERVER-57974] Remote code execution via Widget Connector macro - CVE-2019-3396

Collapse comment: Quan Pham added a comment - 06/Jun/2019 1:50 AM

Expand comment: Quan Pham added a comment - 06/Jun/2019 1:50 AM

People

Dates