Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 6.13.18, 7.4.6, 7.8.3, 7.9.0
Affects Version/s: 7.4.3, 7.7.4
Component/s: None
Labels:

CVSS Score:
5.3
CVSS Severity:
Medium
CVE ID:
CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected versions:

version < 6.13.18
6.14.0 ≤ version < 7.4.6
7.5.0 ≤ version < 7.8.3

Fixed versions:

6.13.18
7.4.6
7.8.3
7.9.0

This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.

is related to

CWD-5685 Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

Published

JRASERVER-72695 Limited Remote File Read in Jira Software Server - CVE-2021-26086

Published

relates to

CONFSERVER-67893 Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085

Published

is detailed by: VULN-196971 Loading...

mentioned in: Page Loading...; Page Loading...

(1 mentioned in)

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 10/Nov/2020 12:03 AM

Updated:: 22/Jun/2023 11:37 AM

Resolved:: 16/Dec/2020 5:40 PM

Details

Description

Affected versions:

Fixed versions:

Attachments

Issue Links

Forms

Activity

People

Dates