Vulnerability Details : CVE-2019-3394
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.
Vulnerability category: Directory traversal
Products affected by CVE-2019-3394
- cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3394
14.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3394
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2019-3394
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-3394
-
https://confluence.atlassian.com/x/uAsvOg
Confluence Security Advisory - 2019-08-28 - Atlassian DocumentationPatch;Vendor Advisory
-
https://jira.atlassian.com/browse/CONFSERVER-58734
[CONFSERVER-58734] Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394 - Create and track feature requests for Atlassian products.Vendor Advisory
Jump to