CVE-2020-4027
https://notcve.org/view.php?id=CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1. Las versiones afectadas de Atlassian Confluence Server y Data Center permitían a los atacantes remotos con permisos de administración del sistema saltarse las mitigaciones de inyección de plantillas de velocidad a través de una vulnerabilidad de inyección en las macros de usuario personalizadas. Las versiones afectadas son anteriores a la versión 7.4.5, y desde la versión 7.5.0 hasta la versión 7.5.1 • https://jira.atlassian.com/browse/CONFSERVER-59898 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2019-20406
https://notcve.org/view.php?id=CVE-2019-20406
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. El uso de Tomcat en Confluence en el sistema operativo Microsoft Windows antes de la versión 7.0.5 y desde la versión 7.1.0 antes de la versión 7.1.1, permite a atacantes del sistema local, que tienen permiso para escribir un archivo DLL en un directorio en la variable de entorno global path, inyectar código y escalar sus privilegios por medio de una vulnerabilidad de secuestro de DLL. • https://jira.atlassian.com/browse/CONFSERVER-59428 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-15006
https://notcve.org/view.php?id=CVE-2019-15006
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. • http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html https://jira.atlassian.com/browse/CONFSERVER-59244 https://seclists.org/bugtraq/2019/Dec/36 https://twitter.com/SwiftOnSecurity/status/1202034106495832067 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2019-15005
https://notcve.org/view.php?id=CVE-2019-15005
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. El plugin Atlassian Troubleshooting and Support anterior a versión 1.17.2, permite a un usuario sin privilegios iniciar escaneos de registros periódicos y enviar los resultados a una dirección de correo electrónico especificada por el usuario debido a una falta de comprobación de autorización. El mensaje de correo electrónico puede contener información de configuración sobre la aplicación en la que el plugin está instalado. • https://herolab.usd.de/security-advisories/usd-2019-0016 https://jira.atlassian.com/browse/BAM-20647 • CWE-862: Missing Authorization •
CVE-2019-3394 – Confluence Server Local File Disclosure
https://notcve.org/view.php?id=CVE-2019-3394
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. Hay una vulnerabilidad de divulgación de archivos locales en Confluence Server y Confluence Data Center por medio de la exportación de página. • https://github.com/jas502n/CVE-2019-3394 https://confluence.atlassian.com/x/uAsvOg https://jira.atlassian.com/browse/CONFSERVER-58734 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •