CVE-2019-20102
https://notcve.org/view.php?id=CVE-2019-20102
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter. La funcionalidad de carga de archivos adjuntos en Atlassian Confluence Server desde versión 6.14.0 hasta versión 6.14.3, y versión 6.15.0 anterior a versión 6.15.5, permite a atacantes remotos lograr un ataque de tipo cross-site-scripting almacenado (SXSS) por medio de un archivo adjunto malicioso con un parámetro "mimeType" modificado. • https://jira.atlassian.com/browse/CONFSERVER-59358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20406
https://notcve.org/view.php?id=CVE-2019-20406
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. El uso de Tomcat en Confluence en el sistema operativo Microsoft Windows antes de la versión 7.0.5 y desde la versión 7.1.0 antes de la versión 7.1.1, permite a atacantes del sistema local, que tienen permiso para escribir un archivo DLL en un directorio en la variable de entorno global path, inyectar código y escalar sus privilegios por medio de una vulnerabilidad de secuestro de DLL. • https://jira.atlassian.com/browse/CONFSERVER-59428 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-15006
https://notcve.org/view.php?id=CVE-2019-15006
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. • http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html https://jira.atlassian.com/browse/CONFSERVER-59244 https://seclists.org/bugtraq/2019/Dec/36 https://twitter.com/SwiftOnSecurity/status/1202034106495832067 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2019-3394 – Confluence Server Local File Disclosure
https://notcve.org/view.php?id=CVE-2019-3394
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. Hay una vulnerabilidad de divulgación de archivos locales en Confluence Server y Confluence Data Center por medio de la exportación de página. • https://github.com/jas502n/CVE-2019-3394 https://confluence.atlassian.com/x/uAsvOg https://jira.atlassian.com/browse/CONFSERVER-58734 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-20239
https://notcve.org/view.php?id=CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0. Application Links anterior a la versión 5.0.11, desde la versión 5.1.0 a la 5.2.10, desde la versión 5.3.0 a la 5.3.6, desde la versión 5.4.0 a la 5.4.12, y desde la versión 6.0.0 a la 6.0.4, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo cross site scripting (XSS) en el parámetro applinkStartingUrl. El producto es usado como un complemento en varios productos de Atlassian donde se ven impactados los siguientes: Confluence anterior a la versión 6.15.2, Crucible before anterior a la versión 4.7.0, Crowd anterior a la versión 3.4.3, Fisheye anterior a la versión 4.7.0, Jira anterior a la versión 7.13.3 y versión 8.x anterior a 8.1.0. • https://ecosystem.atlassian.net/browse/APL-1373 https://jira.atlassian.com/browse/CONFSERVER-58208 https://jira.atlassian.com/browse/CRUC-8379 https://jira.atlassian.com/browse/CWD-5362 https://jira.atlassian.com/browse/FE-7161 https://jira.atlassian.com/browse/JRASERVER-68855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •