CVE-2019-3394 (GCVE-0-2019-3394)

Vulnerability from cvelistv5 – Published: 2019-08-29 14:32 – Updated: 2024-09-17 00:02
VLAI?
Summary
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
  • Path Traversal
Assigner
References
Impacted products
Vendor Product Version
Atlassian Confluence Server Affected: 6.1.0 , < unspecified (custom)
Affected: unspecified , < 6.6.16 (custom)
Affected: 6.7.0 , < unspecified (custom)
Affected: unspecified , < 6.13.7 (custom)
Affected: 6.14.0 , < unspecified (custom)
Affected: unspecified , < 6.15.8 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-58734"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/x/uAsvOg"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.15.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under \u003cinstall-directory\u003e/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T14:33:34",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-58734"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/x/uAsvOg"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-08-28T10:00:00",
          "ID": "CVE-2019-3394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.15.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under \u003cinstall-directory\u003e/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-58734",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-58734"
            },
            {
              "name": "https://confluence.atlassian.com/x/uAsvOg",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/x/uAsvOg"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-3394",
    "datePublished": "2019-08-29T14:32:32.947868Z",
    "dateReserved": "2018-12-19T00:00:00",
    "dateUpdated": "2024-09-17T00:02:29.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndExcluding\": \"6.6.16\", \"matchCriteriaId\": \"05936908-961E-4BED-84F8-43EBC82428FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7.0\", \"versionEndExcluding\": \"6.13.7\", \"matchCriteriaId\": \"3CA41EB3-96B9-490A-9624-576150354543\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.14.0\", \"versionEndExcluding\": \"6.15.8\", \"matchCriteriaId\": \"C074617C-5D55-47C8-8AB6-B3497ADA9EC4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under \u003cinstall-directory\u003e/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Hay  una vulnerabilidad de divulgaci\\u00f3n de archivos locales en Confluence Server y Confluence Data Center por medio de la exportaci\\u00f3n de p\\u00e1gina. Un atacante con permiso para editar una p\\u00e1gina puede explotar este problema para leer archivos arbitrarios en el servidor bajo el directorio (install-directory)/confluence/WEB-INF, que puede contener archivos de configuraci\\u00f3n utilizados para integrarse con otros servicios, que podr\\u00edan potencialmente filtrar credenciales u otra informaci\\u00f3n confidencial como credenciales de LDAP. La credencial de LDAP ser\\u00e1 filtrada potencialmente solo si el servidor Confluence est\\u00e1 configurado para usar LDAP como repositorio de usuarios. Todas las versiones de Confluence Server desde 6.1.0 anteriores a 6.6.16 (la versi\\u00f3n corregida para 6.6.x), desde versiones 6.7.0 anteriores a 6.13.7 (la versi\\u00f3n corregida para 6.13.x) y desde versiones 6.14.0 anteriores a 6.15.8 (la versi\\u00f3n corregida para 6.15.x) est\\u00e1n afectadas por esta vulnerabilidad.\"}]",
      "id": "CVE-2019-3394",
      "lastModified": "2024-11-21T04:42:01.373",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-29T15:15:11.027",
      "references": "[{\"url\": \"https://confluence.atlassian.com/x/uAsvOg\", \"source\": \"security@atlassian.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-58734\", \"source\": \"security@atlassian.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://confluence.atlassian.com/x/uAsvOg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-58734\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@atlassian.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3394\",\"sourceIdentifier\":\"security@atlassian.com\",\"published\":\"2019-08-29T15:15:11.027\",\"lastModified\":\"2024-11-21T04:42:01.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under \u003cinstall-directory\u003e/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Hay  una vulnerabilidad de divulgaci\u00f3n de archivos locales en Confluence Server y Confluence Data Center por medio de la exportaci\u00f3n de p\u00e1gina. Un atacante con permiso para editar una p\u00e1gina puede explotar este problema para leer archivos arbitrarios en el servidor bajo el directorio (install-directory)/confluence/WEB-INF, que puede contener archivos de configuraci\u00f3n utilizados para integrarse con otros servicios, que podr\u00edan potencialmente filtrar credenciales u otra informaci\u00f3n confidencial como credenciales de LDAP. La credencial de LDAP ser\u00e1 filtrada potencialmente solo si el servidor Confluence est\u00e1 configurado para usar LDAP como repositorio de usuarios. Todas las versiones de Confluence Server desde 6.1.0 anteriores a 6.6.16 (la versi\u00f3n corregida para 6.6.x), desde versiones 6.7.0 anteriores a 6.13.7 (la versi\u00f3n corregida para 6.13.x) y desde versiones 6.14.0 anteriores a 6.15.8 (la versi\u00f3n corregida para 6.15.x) est\u00e1n afectadas por esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.6.16\",\"matchCriteriaId\":\"05936908-961E-4BED-84F8-43EBC82428FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.13.7\",\"matchCriteriaId\":\"3CA41EB3-96B9-490A-9624-576150354543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.14.0\",\"versionEndExcluding\":\"6.15.8\",\"matchCriteriaId\":\"C074617C-5D55-47C8-8AB6-B3497ADA9EC4\"}]}]}],\"references\":[{\"url\":\"https://confluence.atlassian.com/x/uAsvOg\",\"source\":\"security@atlassian.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-58734\",\"source\":\"security@atlassian.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://confluence.atlassian.com/x/uAsvOg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-58734\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.