The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2019-03-25T18:37:06.217310Z

Updated: 2024-09-17T00:20:30.157Z

Reserved: 2018-12-19T00:00:00

Link: CVE-2019-3395

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-25T19:29:01.617

Modified: 2024-11-21T04:42:01.480

Link: CVE-2019-3395

cve-icon Redhat

No data.