The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-02-18T15:08:59.028136Z

Updated: 2024-09-17T02:31:11.206Z

Reserved: 2020-12-01T00:00:00

Link: CVE-2020-29448

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-22T21:15:19.460

Modified: 2024-11-21T05:24:01.560

Link: CVE-2020-29448

cve-icon Redhat

No data.