CVE-2019-3396 Scanner
Detects a Remote Code Execution (RCE) vulnerability in Atlassian Confluence Server that affects versions before 6.14.2.
Short Info
- Level: Critical
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 15 seconds
- Time Interval: 29 days
- Scan only one: Domain, IPv4
- Toolbox: -
Atlassian Confluence Server is web-based collaboration and enterprise wiki software that helps teams work together and share knowledge in a single location. The software provides an easy-to-use interface for creating, organizing, and sharing information with team members. Users can use it to create pages, blogs, and information-rich documentation. It's commonly used by businesses and organizations to streamline their workflow, facilitate communication, and improve team collaboration.
The CVE-2019-3396 vulnerability discovered in the Atlassian Confluence Server is a critical path traversal vulnerability that allows a remote attacker to execute code on the server. The Widget Connector macro in Atlassian Confluence Server is vulnerable to this security flaw from version 6.7.0 through 6.14.2. If exploited, the vulnerability would allow an attacker to achieve server-side template injection and execute arbitrary code on the affected server.
This vulnerability, if exploited, could allow an attacker to gain access to sensitive information, modify or delete files, and take full control of the server. This poses a significant threat to organizations as it can lead to the theft of customer data or financial information. It can also result in a loss of reputation and trust.
Finally, thanks to the pro features of the S4E platform, you can easily and quickly learn about vulnerabilities in your digital assets. The platform provides comprehensive vulnerability management capabilities, and its advanced scanning techniques can help to detect even the most obscure security flaws. With the S4E platform, you can ensure that your digital assets are secure and that your organization's data remains protected.