The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-60469 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-02-18T15:08:59.028136Z
Updated: 2024-09-17T02:31:11.206Z
Reserved: 2020-12-01T00:00:00
Link: CVE-2020-29448
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-22T21:15:19.460
Modified: 2024-11-21T05:24:01.560
Link: CVE-2020-29448
Redhat
No data.