CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.
References
Link Resource
https://jira.atlassian.com/browse/CONFSERVER-57971 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

History

13 Dec 2021, 16:05

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

Information

Published : 2019-03-25 19:29

Updated : 2023-12-10 12:59


NVD link : CVE-2019-3395

Mitre link : CVE-2019-3395

CVE.ORG link : CVE-2019-3395


JSON object : View

Products Affected

atlassian

  • confluence_server
  • confluence
CWE
CWE-918

Server-Side Request Forgery (SSRF)