CVE-2019-3398 vulnerability in Atlassian Products
Published on April 18, 2019
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
Known Exploited Vulnerability
This Atlassian Confluence Path Traversal Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confl.
The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2019-3398 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2019-3398 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2019-3398
You can be notified by stack.watch whenever vulnerabilities like CVE-2019-3398 are published in these products:
What versions are vulnerable to CVE-2019-3398?
-
Atlassian Confluence
Version 2.0.0
Fixed in Version 6.6.13
-
Atlassian Confluence
Version 6.7.0
Fixed in Version 6.12.4
-
Atlassian Confluence Server
Version 6.13.0
Fixed in Version 6.13.4
-
Atlassian Confluence Server
Version 6.14.0
Fixed in Version 6.14.3