CVE-2019-3394 - OpenCVE

Vendors	Products
Atlassian	Confluence Confluence Server

Link	Resource
https://confluence.atlassian.com/x/uAsvOg	Patch Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-58734	Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "Confluence Server", "vendor": "Atlassian", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"lessThan": "6.6.16", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "6.7.0", "versionType": "custom"}, {"lessThan": "6.13.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "6.14.0", "versionType": "custom"}, {"lessThan": "6.15.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Path Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-03T14:33:34", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CONFSERVER-58734"}, {"tags": ["x_refsource_MISC"], "url": "https://confluence.atlassian.com/x/uAsvOg"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2019-08-28T10:00:00", "ID": "CVE-2019-3394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Confluence Server", "version": {"version_data": [{"version_affected": ">=", "version_value": "6.1.0"}, {"version_affected": "<", "version_value": "6.6.16"}, {"version_affected": ">=", "version_value": "6.7.0"}, {"version_affected": "<", "version_value": "6.13.7"}, {"version_affected": ">=", "version_value": "6.14.0"}, {"version_affected": "<", "version_value": "6.15.8"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/CONFSERVER-58734", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CONFSERVER-58734"}, {"name": "https://confluence.atlassian.com/x/uAsvOg", "refsource": "MISC", "url": "https://confluence.atlassian.com/x/uAsvOg"}]}}}}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2019-3394", "datePublished": "2019-08-28T00:00:00", "dateReserved": "2018-12-19T00:00:00", "dateUpdated": "2019-09-03T14:33:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", "matchCriteriaId": "05936908-961E-4BED-84F8-43EBC82428FC", "versionEndExcluding": "6.6.16", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CA41EB3-96B9-490A-9624-576150354543", "versionEndExcluding": "6.13.7", "versionStartIncluding": "6.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C074617C-5D55-47C8-8AB6-B3497ADA9EC4", "versionEndExcluding": "6.15.8", "versionStartIncluding": "6.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability."}, {"lang": "es", "value": "Hay una vulnerabilidad de divulgaci\u00f3n de archivos locales en Confluence Server y Confluence Data Center por medio de la exportaci\u00f3n de p\u00e1gina. Un atacante con permiso para editar una p\u00e1gina puede explotar este problema para leer archivos arbitrarios en el servidor bajo el directorio (install-directory)/confluence/WEB-INF, que puede contener archivos de configuraci\u00f3n utilizados para integrarse con otros servicios, que podr\u00edan potencialmente filtrar credenciales u otra informaci\u00f3n confidencial como credenciales de LDAP. La credencial de LDAP ser\u00e1 filtrada potencialmente solo si el servidor Confluence est\u00e1 configurado para usar LDAP como repositorio de usuarios. Todas las versiones de Confluence Server desde 6.1.0 anteriores a 6.6.16 (la versi\u00f3n corregida para 6.6.x), desde versiones 6.7.0 anteriores a 6.13.7 (la versi\u00f3n corregida para 6.13.x) y desde versiones 6.14.0 anteriores a 6.15.8 (la versi\u00f3n corregida para 6.15.x) est\u00e1n afectadas por esta vulnerabilidad."}], "id": "CVE-2019-3394", "lastModified": "2021-12-13T16:05:54.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-29T15:15:11.027", "references": [{"source": "security@atlassian.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://confluence.atlassian.com/x/uAsvOg"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-58734"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

JSON object

JSON object

JSON object