The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-60469 | Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2020-11-10T00:00:00
Updated: 2021-02-18T15:08:59
Reserved: 2020-12-01T00:00:00
Link: CVE-2020-29448
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-22T21:15:19.460
Modified: 2022-07-27T14:03:52.773
Link: CVE-2020-29448
JSON object: View
Redhat Information
No data.
CWE