CVE-2020-29448

Summary

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Serverunspecified < 6.13.18affected
AtlassianConfluence Server6.14.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 7.4.6affected
AtlassianConfluence Server7.5.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 7.8.3affected
AtlassianConfluence Data Centerunspecified < 6.13.18affected
AtlassianConfluence Data Center6.14.0 < unspecifiedaffected
AtlassianConfluence Data Centerunspecified < 7.4.6affected
AtlassianConfluence Data Center7.5.0 < unspecifiedaffected
AtlassianConfluence Data Centerunspecified < 7.8.3affected

Weaknesses

  • Arbitrary File Read

ADP Enrichment

CVE Program Container

Additional References

References