CVE-2019-3395

Summary

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Serverunspecified < 6.6.7affected
AtlassianConfluence Server6.7.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified <= 6.7.3affected
AtlassianConfluence Server6.8.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 6.8.5affected
AtlassianConfluence Server6.9.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 6.9.3affected

Weaknesses

  • Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References