CVE-2019-15006

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information.

Había una vulnerabilidad de tipo man-in-the-middle (MITM) presente en el plugin Confluence Previews en Confluence Server y Confluence Data Center. Este plugin se utilizó para facilitar la comunicación con la aplicación Atlassian Companion. El plugin Confluence Previews en Confluence Server y Confluence Data Center se comunicó con la aplicación Companion por medio del nombre de dominio atlassian-domain-for-localhost-connections-only.com, cuyo registro DNS A señala en versión 127.0.0.1. Además, un certificado firmado para el dominio se distribuyó públicamente con la aplicación Companion. Un atacante en posición de controlar la resolución DNS de su víctima podría llevar a cabo un ataque de tipo man-in-the-middle (MITM) entre Confluence Server (o Confluence Data Center) y el dominio atlassian-domain-for-localhost-connections-only.com destinado a ser utilizado con la aplicación Companion. Este certificado ha sido revocado, sin embargo, el uso del nombre de dominio atlassian-domain-for-localhost-connections-only.com todavía estaba presente en Confluence Server y Confluence Data Center. Un atacante podría realizar el ataque descrito mediante la negación a sus víctimas del acceso a la información de revocación de certificados, y llevar a cabo un ataque de tipo man-in-the-middle (MITM) para observar los archivos que están siendo editados usando la aplicación Companion y/o modificarlos, y acceder a alguna Información del usuario limitada.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-08-13 CVE Reserved
2019-12-19 CVE Published
2024-05-16 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-913: Improper Control of Dynamically-Managed Code Resources

CAPEC

References (5)

URL	Tag	Source
http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html	Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/36	Mailing List
https://twitter.com/SwiftOnSecurity/status/1202034106495832067	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html	2021-12-13
https://jira.atlassian.com/browse/CONFSERVER-59244	2021-12-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Atlassian Search vendor "Atlassian"		Confluence Search vendor "Atlassian" for product "Confluence"				>= 6.11.0 < 6.13.10 Search vendor "Atlassian" for product "Confluence" and version " >= 6.11.0 < 6.13.10"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 6.14.0 < 6.15.10 Search vendor "Atlassian" for product "Confluence Server" and version " >= 6.14.0 < 6.15.10"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 7.0.1 < 7.0.5 Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.0.1 < 7.0.5"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 7.1.0 < 7.1.2 Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.1.0 < 7.1.2"		-		Affected