CVE-2019-3398

CVSS 8.8 HIGH · EPSS 97.2% · ● KEV · CWE-22
In short

Confluence has a flaw that allows users with attachment upload or space creation permissions to write files anywhere on the server by manipulating file paths, potentially enabling them to execute harmful code.

Technical detail

Path traversal vulnerability in the downloadallattachments resource allows authenticated users with attachment upload or space creation privileges to write arbitrary files to the filesystem, leading to remote code execution through malicious file placement in executable directories.

Summary generated and translated by AI from the official description.
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and/or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Atlassian · Confluence
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
