Description

Widget Connector addon of Confluence is vulnerable to path traversal and server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of Confluence

References

CVE-2019-3396

CONFSERVER-57974

Related Vulnerabilities

Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6184)

WordPress Plugin Popup-Popup More Popups Directory Traversal (2.2.4)

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000208)

WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-21371)

SimpleHelp Path Traversal (CVE-2024-57727)

Severity

High

Classification

CVE-2019-3396 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Server Side Template Injection