BDU:2019-02771

BDU

CriticalConfirmedExploit available

Уязвимость компонента Widget Connector веб-сервера Atlassian Confluence Server существует из-за неверного ограничения имени пути к каталогу…

CVSS

9.8

Critical

EPSS

0.00

Published

2019-01-01

Updated

2019-01-01

Description

Уязвимость компонента Widget Connector веб-сервера Atlassian Confluence Server существует из-за неверного ограничения имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Tags · CWE

Pre-auth

Affected products

Atlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence serverAtlassian Confluence server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2019-01-01

Published

2019-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

46731

exploitdb · https://www.exploit-db.com/exploits/46731

Enterprise

49465

exploitdb · https://www.exploit-db.com/exploits/49465

Enterprise

CVE-2019-3396

github-poc · https://github.com/tno01/cve-2019-3396

Enterprise

Affected software

Product	Vendor	Status
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked
confluence server	atlassian	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2019-3396

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3396@http://www.exploit-db.com/exploits/46731/@https://securitylab.ru/news/499834.php@https://habr.com/ru/company/pt/blog/447904/@https://nvd.nist.gov/vuln/detail/CVE-2019-3396@https://www.exploit-db.com/exploits/46731@https://jira.atlassian.com/browse/CONFSERVER-57974