The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-60469 | Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Jul 2022, 14:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://jira.atlassian.com/browse/CONFSERVER-60469 - Issue Tracking, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* |
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* |
First Time |
Atlassian confluence Data Center
Atlassian confluence Server |
26 Feb 2021, 20:26
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://jira.atlassian.com/browse/CONFSERVER-60469 - Patch, Vendor Advisory |
22 Feb 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-22 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-29448
Mitre link : CVE-2020-29448
CVE.ORG link : CVE-2020-29448
JSON object : View
Products Affected
atlassian
- confluence_server
- confluence_data_center
CWE