Description

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.

Remediation

References

CVE-2020-29445

Related Vulnerabilities

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-42029)

WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-1868)

Drupal Core 8.x.x Cross-Site Scripting (8.0.0 - 8.4.8)

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-3873)

Severity

Medium

Classification

CVE-2020-29445 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities