CVE-2019-3394

CWE-22 Path Traversal | 3 documents | 3 sources
Severity: 8.8 HIGH
EPSS: 75.3% (top 1.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 29
Latest update: May 24

Description

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read arbitrary files on the server under the /confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, and this could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | atlassian/confluence_server | 6.1.0 | unspecified | +5
NVD | atlassian/confluence_server | 6.14.0 | 6.15.8
NVD | atlassian/confluence | 6.1.0 | 6.6.16 | +1

Patches

Vulnerability Details (2)

GHSA | GHSA-3qjw-wqhv-r92w: There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting | 2022-05-24
CVEList | CVE-2019-3394: There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting | 2019-08-29