CVE-2019-3398 – Atlassian Confluence Server and Data Center Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability. El Confluence Server and Data Center tenían una vulnerabilidad de salto de ruta en el recurso downloadallattachments. Un atacante remoto que tenga permiso para agregar archivos adjuntos a páginas y/o blogs o para crear un nuevo espacio o un espacio personal o quien tenga permisos 'Admin' para un espacio poder explotar esta vulnerabilidad de salto de ruta para escribir archivos en ubicaciones arbitrarias que pueden conducir a la ejecución de código remota en sistemas que ejecutan en una versión vulnerable de Confluence Server o Data Center. • https://www.exploit-db.com/exploits/47621 https://github.com/132231g/CVE-2019-3398 http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html http://www.securityfocus.com/bid/108067 https://jira.atlassian.com/browse/CONFSERVER-58102 https://seclists.org/bugtraq/2019/Apr/33 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-3395
https://notcve.org/view.php?id=CVE-2019-3395
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. El endpoint WebDAV en Atlassian Confluence Server and Data Center en versiones anteriores a la 6.6.7 (la versión solucionada para 6.6.x), desde la versión 6.7.0 hasta antes de la 6.8.5 (la versión solucionada para 6.8.x) y desde la versión 6.9.0 hasta antes de la 6.9.3 (la versión solucionada para 6.9.x) permite a los atacantes remotos enviar peticiones arbitrarias HTTP y WebDAV desde una instancia de Confluence Server or Data Center a través de una Server-Side Request Forgery. • https://jira.atlassian.com/browse/CONFSERVER-57971 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-3396 – Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. La macro de Widget Connector en Atlassian Confluence and Data Center en versiones anteriores a la 6.6.12 (la versión solucionada para 6.6.x), desde la versión 6.7.0 hasta antes de la 6.12.3 (la versión solucionada para 6.12.x), desde la versión 6.13.0 hasta antes de la 6.13.3 (la versión solucionada para 6.13.x) y desde la versión 6.14.0 hasta antes de la 6.14.2 (la versión solucionada para 6.14.x) permite a los atacantes remotos lograr saltos de directorio y ejecución remota de código en una instancia de Confluence Server or Data Center a través de una inyección de plantillas del lado del servidor. Atlassian Confluence version 6.12.1 suffers from a Widget Connector Macro template injection vulnerability. Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. • https://www.exploit-db.com/exploits/46731 https://www.exploit-db.com/exploits/49465 https://github.com/jas502n/CVE-2019-3396 https://github.com/x-f1v3/CVE-2019-3396 https://github.com/pyn3rd/CVE-2019-3396 https://github.com/dothanthitiendiettiende/CVE-2019-3396 https://github.com/Avento/CVE-2019-3396-Memshell-for-Behinder https://github.com/s1xg0d/CVE-2019-3396 https://github.com/quanpt103/CVE-2019-3396 https://github.com/xiaoshuier/CVE-2019-3396 https://github. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-13389
https://notcve.org/view.php?id=CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml. El recurso attachment en Atlassian Confluence en versiones anteriores a la 6.6.1 permite que atacantes remotos suplanten el contenido web en el navegador Mozilla Firefox mediante adjuntos que tienen un tipo de contenido de application/rdf+xml. • http://www.securityfocus.com/bid/104755 https://jira.atlassian.com/browse/CONFSERVER-54906 • CWE-20: Improper Input Validation •
CVE-2017-18086
https://notcve.org/view.php?id=CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. Varios recursos en Atlassian Confluence Server, en versiones anteriores a la 6.4.2, permiten que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro issuesURL. • http://www.securityfocus.com/bid/103061 https://jira.atlassian.com/browse/CONFSERVER-54907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •