CVE-2019-3394

high-risk
Published 2019-08-29

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.

Do I need to act?

!
75.3% chance of exploitation in next 30 days
EPSS score — higher than 25% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Atlassian

References (4)

Patch https://confluence.atlassian.com/x/uAsvOg
Vendor Advisory https://jira.atlassian.com/browse/CONFSERVER-58734
Patch https://confluence.atlassian.com/x/uAsvOg
Vendor Advisory https://jira.atlassian.com/browse/CONFSERVER-58734
57
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 20/34 · Moderate
Exposure 7/34 · Low