admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1920 from asecurityteam/atlassian-20190418

Browse Source 
Add CVE-2019-3398
This commit is contained in:
CVE Team 2019-04-18 13:21:55 -04:00 committed by GitHub
commit 6b3e415e11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 95 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
2019/3xxx/CVE-2019-3398.json
View File

@ -1,18 +1,98 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3398",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-04-17T00:00:00",
"ID": "CVE-2019-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Confluence",
"version": {
"version_data": [
{
"version_value": "2.0.0",
"version_affected": ">="
},
{
"version_value": "6.6.13",
"version_affected": "<"
},
{
"version_value": "6.7.0",
"version_affected": ">="
},
{
"version_value": "6.12.4",
"version_affected": "<"
},
{
"version_value": "6.13.0",
"version_affected": ">="
},
{
"version_value": "6.13.4",
"version_affected": "<"
},
{
"version_value": "6.14.0",
"version_affected": ">="
},
{
"version_value": "6.14.3",
"version_affected": "<"
},
{
"version_value": "6.15.0",
"version_affected": ">="
},
{
"version_value": "6.15.2",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
}
]
}
}