Confluence Widget Connector SSTI

Description

Widget Connector addon of Confluence is vulnerable to path traversal and server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of Confluence

References

CVE-2019-3396

CONFSERVER-57974

Related Vulnerabilities

Openfire Path Traversal (CVE-2023-32315)

Joomla! Core 3.x.x Directory Traversal (3.0.0 - 3.9.24)

WordPress Plugin Smush Image Compression and Optimization Directory Traversal (2.7.5)

Directory Traversal with spring-cloud-config-server

WordPress Plugin jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0)

Severity

High

Classification

CVE-2019-3396 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities