CVE-2019-3395

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
9.8CRITICAL
EPSS
8.0%
top 7.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Confluence ServerAtlassian Confluence
Timeline
PublishedMar 25
Latest updateMay 13

Description

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5atlassian/confluence_serverunspecified6.6.7+6
NVDatlassian/confluence_server6.13.06.13.3+1
NVDatlassian/confluence6.7.06.12.3+1

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-63p3-c254-6c5g: The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 62022-05-13
CVEList
CVE-2019-3395: The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 62019-03-25
CVE-2019-3395 (CRITICAL CVSS 9.8) | The WebDAV endpoint in Atlassian Co | cvebase.io