CVE-2019-3396

Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

La macro de Widget Connector en Atlassian Confluence and Data Center en versiones anteriores a la 6.6.12 (la versión solucionada para 6.6.x), desde la versión 6.7.0 hasta antes de la 6.12.3 (la versión solucionada para 6.12.x), desde la versión 6.13.0 hasta antes de la 6.13.3 (la versión solucionada para 6.13.x) y desde la versión 6.14.0 hasta antes de la 6.14.2 (la versión solucionada para 6.14.x) permite a los atacantes remotos lograr saltos de directorio y ejecución remota de código en una instancia de Confluence Server or Data Center a través de una inyección de plantillas del lado del servidor.

Atlassian Confluence version 6.12.1 suffers from a Widget Connector Macro template injection vulnerability.

Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-19 CVE Reserved
2019-03-25 CVE Published
2019-04-09 First Exploit
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-09-16 CVE Updated
2024-11-11 EPSS Updated

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (17)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/46731	2024-09-16
https://www.exploit-db.com/exploits/49465	2021-01-22
https://github.com/jas502n/CVE-2019-3396	2019-11-01
https://github.com/x-f1v3/CVE-2019-3396	2019-04-09
https://github.com/pyn3rd/CVE-2019-3396	2019-04-10
https://github.com/dothanthitiendiettiende/CVE-2019-3396	2019-04-09
https://github.com/Avento/CVE-2019-3396-Memshell-for-Behinder	2024-05-21
https://github.com/s1xg0d/CVE-2019-3396	2019-05-13
https://github.com/quanpt103/CVE-2019-3396	2019-04-10
https://github.com/xiaoshuier/CVE-2019-3396	2019-04-09
https://github.com/am6539/CVE-2019-3396	2019-11-21
https://github.com/W2Ning/CVE-2019-3396	2019-12-13
https://github.com/skommando/CVE-2019-3396-confluence-poc	2019-08-21
http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html	2024-09-16
http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html	2024-09-16
http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector	2024-09-16

URL	Date	SRC
https://jira.atlassian.com/browse/CONFSERVER-57974	2021-12-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Atlassian Search vendor "Atlassian"		Confluence Search vendor "Atlassian" for product "Confluence"				< 6.6.12 Search vendor "Atlassian" for product "Confluence" and version " < 6.6.12"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Search vendor "Atlassian" for product "Confluence"				>= 6.7.0 < 6.12.3 Search vendor "Atlassian" for product "Confluence" and version " >= 6.7.0 < 6.12.3"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 6.13.0 < 6.13.3 Search vendor "Atlassian" for product "Confluence Server" and version " >= 6.13.0 < 6.13.3"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 6.14.0 < 6.14.2 Search vendor "Atlassian" for product "Confluence Server" and version " >= 6.14.0 < 6.14.2"		-		Affected