The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-57971 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2019-03-25T18:37:06.217310Z
Updated: 2024-09-17T00:20:30.157Z
Reserved: 2018-12-19T00:00:00
Link: CVE-2019-3395
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-25T19:29:01.617
Modified: 2024-11-21T04:42:01.480
Link: CVE-2019-3395
Redhat
No data.