CVE-2019-3396

Description from NVD

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Information Acquisition Date:2021-09-30T16:40Z

CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Partial	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://jira.atlassian.com/browse/CONFSERVER-57974
source:MISC
tags:Issue Tracking Patch Vendor Advisory

http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html
source:MISC
tags:Exploit Third Party Advisory VDB Entry

http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector
source:MISC
tags:Exploit Third Party Advisory VDB Entry

46731
source:EXPLOIT-DB
tags:Exploit Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html
source:MISC
tags:Exploit Third Party Advisory VDB Entry

This vulnerability may involve a PoC.

Description from Forti

Confluence Widget Connector macro Path Traversal

This indicates an attack attempt to exploit a Directory Traversal vulnerability in Atlassian Confluence.The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. Successful attacks may allow a remote attackers to use a specially crafted request with directory-traversal sequences to retrieve sensitive information and remote code execution.

Information Acquisition Date:2021/02/19

Affected Products

Atlassian Confluence Server before version 6.6.12
Atlassian Confluence Server from version 6.7.0 before 6.12.3
Atlassian Confluence Server from version 6.13.0 before 6.13.3
Atlassian Confluence Server from version 6.14.0 before 6.14.2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply patch if available from the vendor's website.
https://jira.atlassian.com/browse/CONFSERVER-57974

References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
https://paper.seebug.org/886/	59
https://wiki	5
http://bit.ly/2H7b77c	3

Information from Twitter

User	URL	Info Source	Date
eric_capuano	https://blog.reconinfosec.com/analysis-of-exploitation-of-c...	Source eric_capuano 1532514310605373463	2022/06/03
Recon_InfoSec	https://blog.reconinfosec.com/analysis-of-exploitation-of-c...	Source Recon_InfoSec 1532526015188180997	2022/06/03
ipssignatures	https://twitter.com/Recon_InfoSec/status/1532526015188180997	Source ipssignatures 1532815890336587778	2022/06/04

List of frequently cited URLs

URL	Num of Times Referred to
paper.seebug.org	59
wiki	5
bit.ly	3

Information from Twitter

User	URL	Info Source
eric_capuano	blog.reconinfosec.com	Show Tweet
Recon_InfoSec	blog.reconinfosec.com	Show Tweet
ipssignatures	twitter.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
Yt1g3r/CVE-2019-3396_EXP	https://github.com/Yt1g3r/CVE-2019-3396_EXP
jas502n/CVE-2019-3396	https://github.com/jas502n/CVE-2019-3396
pyn3rd/CVE-2019-3396	https://github.com/pyn3rd/CVE-2019-3396
x-f1v3/CVE-2019-3396	https://github.com/x-f1v3/CVE-2019-3396
dothanthitiendiettiende/CVE-2019-3396	https://github.com/dothanthitiendiettiende/CVE-2019-3396
abdallah-elsharif/cve-2019-3396	https://github.com/abdallah-elsharif/cve-2019-3396
JonathanZhou348/CVE-2019-3396TEST	https://github.com/JonathanZhou348/CVE-2019-3396TEST
vntest11/confluence_CVE-2019-3396	https://github.com/vntest11/confluence_CVE-2019-3396
yuehanked/cve-2019-3396	https://github.com/yuehanked/cve-2019-3396
xiaoshuier/CVE-2019-3396	https://github.com/xiaoshuier/CVE-2019-3396

GitHub Search Results: Up to 10

Name	URL
Yt1g3r/CVE-2019-3396_EXP	github.com
jas502n/CVE-2019-3396	github.com
pyn3rd/CVE-2019-3396	github.com
x-f1v3/CVE-2019-3396	github.com
dothanthitiendiettiende/CVE-2019-3396	github.com
abdallah-elsharif/cve-2019-3396	github.com
JonathanZhou348/CVE-2019-3396TEST	github.com
vntest11/confluence_CVE-2019-3396	github.com
yuehanked/cve-2019-3396	github.com
xiaoshuier/CVE-2019-3396	github.com

2022/06/04 Score : 1
Added Har-sia Database : 2020/02/21
Last Modified : 2022/06/04
Highest Scored Date : 2021/09/16
Highest Score : 59