CVE-2020-29445Server-Side Request Forgery in Atlassian Confluence Server

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Confluence Server
Timeline
PublishedMay 7
Latest updateMay 24

Description

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5atlassian/confluence_serverunspecified7.4.8+2
NVDatlassian/confluence_server7.5.07.11.0+1

🔴Vulnerability Details

2
GHSA
GHSA-9gqc-c5m8-vf5q: Affected versions of Confluence Server before 72022-05-24
CVEList
CVE-2020-29445: Affected versions of Confluence Server before 72021-05-07
CVE-2020-29445 — Server-Side Request Forgery | cvebase