Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3395


The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.


Published

2019-03-25T19:29:01.617

Last Modified

2024-11-21T04:42:01.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-918

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application atlassian confluence < 6.6.12 Yes
Application atlassian confluence < 6.12.3 Yes
Application atlassian confluence_server < 6.13.3 Yes
Application atlassian confluence_server < 6.14.2 Yes

References