- Public Security Vulnerability
- Resolution: Fixed
- Low
- 7.4.3, 7.7.4
- None
- 5.3
- Medium
- CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within the WEB-INF and META-INF directories via an incorrect path access check.
Affected versions:
- version < 6.13.18
- 6.14.0 ≤ version < 7.4.6
- 7.5.0 ≤ version < 7.8.3
Fixed versions:
- 6.13.18
- 7.4.6
- 7.8.3
- 7.9.0
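The version ranges above can be turned into a triage check for an inventory of Confluence instances. This is an added example, not Atlassian's code; the host names and the inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges copied from this advisory:
# (lower bound inclusive or None, upper bound exclusive).
AFFECTED = [
    (None, (6, 13, 18)),        # version < 6.13.18
    ((6, 14, 0), (7, 4, 6)),    # 6.14.0 <= version < 7.4.6
    ((7, 5, 0), (7, 8, 3)),     # 7.5.0 <= version < 7.8.3
]

def parse_version(text):
    """Parse a plain 'X.Y' or 'X.Y.Z' string into a 3-tuple of ints.

    Anything else (suffixes, build tags, empty strings) is rejected so that
    the caller has to look at it instead of silently getting a verdict.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any((lo is None or lo <= v) and v < hi for lo, hi in AFFECTED)

def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"  # unparseable versions are never reported as safe
    return result

# Constructed inventory with hypothetical host names.
SAMPLE_INVENTORY = {
    "wiki-a": "7.4.3",     # listed on this page as an affected version
    "wiki-b": "7.4.6",     # first fixed release on the 7.4 line
    "wiki-c": "6.13.17",
    "wiki-d": "7.9.0",
    "wiki-e": "7.8.3-rc1", # suffix is not interpreted, so this is 'unknown'
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```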
This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.
- is related to
  - CWD-5685 Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240 (Published)
  - JRASERVER-72695 Limited Remote File Read in Jira Software Server - CVE-2021-26086 (Published)
- relates to
  - CONFSERVER-67893 Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085 (Published)
- is detailed by
  - VULN-196971