ASA-2019-00238 – Confluence: Path traversal in the downloadallattachments resource


Allele Security Alert

ASA-2019-00238

Identifier(s)

ASA-2019-00238, CVE-2019-3398

Title

Path traversal in the downloadallattachments resource

Vendor(s)

Atlassian

Product(s)

Confluence Server
Confluence Data Center

Affected version(s)

All 2.x.x versions of Confluence Server or Data Center
All 3.x.x versions of Confluence Server or Data Center
All 4.x.x versions of Confluence Server or Data Center
All 5.x.x versions of Confluence Server or Data Center
All 6.0.x versions of Confluence Server or Data Center
All 6.1.x versions of Confluence Server or Data Center
All 6.2.x versions of Confluence Server or Data Center
All 6.3.x versions of Confluence Server or Data Center
All 6.4.x versions of Confluence Server or Data Center
All 6.5.x versions of Confluence Server or Data Center
All 6.6.x versions before 6.6.13 of Confluence Server or Data Center
All 6.7.x versions of Confluence Server or Data Center
All 6.8.x versions of Confluence Server or Data Center
All 6.9.x versions of Confluence Server or Data Center
All 6.10.x versions of Confluence Server or Data Center
All 6.11.x versions of Confluence Server or Data Center
All 6.12.x versions before 6.12.4 of Confluence Server or Data Center
All 6.13.x versions before 6.13.4 of Confluence Server or Data Center
All 6.14.x versions before 6.14.3 of Confluence Server or Data Center
All 6.15.x versions before 6.15.2 of Confluence Server or Data Center

Fixed version(s)

Confluence Server or Data Center 6.6.13
Confluence Server or Data Center 6.12.4
Confluence Server or Data Center 6.13.4
Confluence Server or Data Center 6.14.3
Confluence Server or Data Center 6.15.2
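
The affected and fixed version lists above, expressed as a triage check for an inventory of Confluence instances. This is an added example, not code from Atlassian or from the original alert; the function names and the sample hostnames and versions are constructed, and versions outside the listed ranges are reported as "not listed" rather than judged.

```python
import re

# First fixed patch release per (major, minor) branch, taken from this advisory.
FIXED_PATCH = {(6, 6): 13, (6, 12): 4, (6, 13): 4, (6, 14): 3, (6, 15): 2}

def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into integers so 6.6.9 sorts below 6.6.13."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(version):
    """Return 'affected', 'fixed' or 'not listed' for one Confluence version."""
    major, minor, patch = parse_version(version)
    if 2 <= major <= 5:
        return "affected"        # all 2.x.x to 5.x.x releases are listed
    if major != 6 or minor > 15:
        return "not listed"      # outside the ranges this advisory covers
    first_fixed = FIXED_PATCH.get((major, minor))
    if first_fixed is None:
        return "affected"        # 6.0-6.5 and 6.7-6.11: no fix within the branch
    return "affected" if patch < first_fixed else "fixed"

def triage(inventory):
    """Map each (host, version) pair to a status; bad strings are flagged, not dropped."""
    report = {}
    for host, version in inventory:
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = [
    ("wiki-a", "6.6.9"),
    ("wiki-b", "6.6.13"),
    ("wiki-c", "6.10.2"),
    ("wiki-d", "5.10.8"),
    ("wiki-e", "6.15.1"),
    ("wiki-f", "7.0.1"),
    ("wiki-g", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Instances in a branch with no fixed release (for example 6.10.x) have to move to one of the fixed branches listed above.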

Proof of concept

Unknown

Description

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and/or blogs, or to create a new space or personal space, or who has ‘Admin’ permissions for a space, can exploit this path traversal vulnerability to write files to arbitrary locations, which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.

Technical details

Unknown

Credits

Jānis Krusts (IT Centr)

Reference(s)

Confluence Security Advisory – 2019-04-17
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-04-17-968660855.

Confluence – Path traversal vulnerability – CVE-2019-3398
https://jira.atlassian.com/browse/CONFSERVER-58102

CVE-2019-3398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3398

CVE-2019-3398
https://nvd.nist.gov/vuln/detail/CVE-2019-3398

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: April 29, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.