CVE-2020-29445

Summary

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Serverunspecified < 7.4.8affected
AtlassianConfluence Server7.5.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 7.11.0affected

Weaknesses

  • Server-Side Request Forgery

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References