CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.
References
Link Resource
https://jira.atlassian.com/browse/CONFSERVER-57971 Issue Tracking Patch Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-57971 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:42

Type Values Removed Values Added
References () https://jira.atlassian.com/browse/CONFSERVER-57971 - Issue Tracking, Patch, Vendor Advisory () https://jira.atlassian.com/browse/CONFSERVER-57971 - Issue Tracking, Patch, Vendor Advisory

Information

Published : 2019-03-25 19:29

Updated : 2024-11-21 04:42


NVD link : CVE-2019-3395

Mitre link : CVE-2019-3395

CVE.ORG link : CVE-2019-3395


JSON object : View

Products Affected

atlassian

  • confluence
  • confluence_server
CWE
CWE-918

Server-Side Request Forgery (SSRF)