CVE-2019-3395
N/A
N/A
Summary
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Confluence Server | unspecified < 6.6.7 | affected |
| Atlassian | Confluence Server | 6.7.0 < unspecified | affected |
| Atlassian | Confluence Server | unspecified <= 6.7.3 | affected |
| Atlassian | Confluence Server | 6.8.0 < unspecified | affected |
| Atlassian | Confluence Server | unspecified < 6.8.5 | affected |
| Atlassian | Confluence Server | 6.9.0 < unspecified | affected |
| Atlassian | Confluence Server | unspecified < 6.9.3 | affected |
Weaknesses
- Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.