CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.

Published: Mar 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3395
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
atlassian / confluence	-	6.6.12
atlassian / confluence	6.7.0	6.12.3
atlassian / confluence_server	6.13.0	6.13.3
atlassian / confluence_server	6.14.0	6.14.2

https://jira.atlassian.com/browse/CONFSERVER-57971

Vulnerability Database

289,784

CVE-2019-3395