mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
Merge pull request #1735 from asecurityteam/atlassian-20190321
Add CVE-2019-3395 CVE-2019-3396
This commit is contained in:
CVE Team
GitHub
commit
b8a5650460
@ -1,18 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-3395",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-03-20T10:00:00",
|
||||
"ID": "CVE-2019-3395",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Confluence Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "6.6.7",
|
||||
"version_affected": "<"
|
||||
},
|
||||
|
||||
|
||||
{
|
||||
"version_value": "6.7.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "6.7.3",
|
||||
"version_affected": "<="
|
||||
},
|
||||
|
||||
|
||||
{
|
||||
"version_value": "6.8.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "6.8.5",
|
||||
"version_affected": "<"
|
||||
},
|
||||
|
||||
|
||||
{
|
||||
"version_value": "6.9.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "6.9.3",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Server-Side Request Forgery (SSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/CONFSERVER-57971"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-3396",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-03-20T10:00:00",
|
||||
"ID": "CVE-2019-3396",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Confluence Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "6.6.12",
|
||||
"version_affected": "<"
|
||||
},
|
||||
|
||||
|
||||
{
|
||||
"version_value": "6.7.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "6.12.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
|
||||
|
||||
{
|
||||
"version_value": "6.13.0",
|
||||
"version_affected": ">"
|
||||
},
|
||||
{
|
||||
"version_value": "6.13.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
|
||||
|
||||
{
|
||||
"version_value": "6.14.0",
|
||||
"version_affected": ">"
|
||||
},
|
||||
{
|
||||
"version_value": "6.14.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Server-Side Template Injection"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user