Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-58102

Confluence - Path traversal vulnerability - CVE-2019-3398

XMLWordPrintable

      Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.

      Affected versions:

      • All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.

      Fix:

      For additional details, see the full advisory.

            [CONFSERVER-58102] Confluence - Path traversal vulnerability - CVE-2019-3398

            set-jac-bot made changes -
            Fixed in Enterprise Release/s New: [Download 6.6, 6.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]
            Said made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 471233 ]
            Said made changes -
            Labels Original: CVE-2019-3398 advisory advisory-released cvss-critical path-traversal New: CVE-2019-3398 advisory advisory-released cvss-critical idor path-traversal security
            David Black made changes -
            Labels Original: CVE-2019-3398 advisory advisory-to-release cvss-critical path-traversal New: CVE-2019-3398 advisory advisory-released cvss-critical path-traversal
            Rachel Robins made changes -
            Fix Version/s New: 6.10.3 [ 86394 ]
            Fix Version/s Original: 60.10.3 [ 87597 ]
            Quan Pham made changes -
            Fix Version/s New: 60.10.3 [ 87597 ]

            Erin Collins added a comment -

            Is there a test we can run, locally, against the upgraded version to satisfy our ISO that this fix has actually resolved the vulnerability? Our auditors will surely require proof...

            Erin Collins added a comment - Is there a test we can run, locally, against the upgraded version to satisfy our ISO that this fix has actually resolved the vulnerability? Our auditors will surely require proof...

            Whit Blauvelt added a comment -

            We had provided no such permissions to remote users. Yet we were successfully attacked, apparently through this. The attack surface may be broader than your warning says.

            Whit Blauvelt added a comment - We had provided no such permissions to remote users. Yet we were successfully attacked, apparently through this. The attack surface may be broader than your warning says.

            Faustin L added a comment -

            Hi, is there a way to check quickly what file was potentially impacted?

             

            Faustin L added a comment - Hi, is there a way to check quickly what file was potentially impacted?  
            Security Metrics Bot made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]

              Unassigned Unassigned
              dblack David Black
              Affected customers:
              0 This affects my team
              Watchers:
              19 Start watching this issue

                Created:
                Updated:
                Resolved: