The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before…
atlassian·CWE-22·Published 2019-03-25
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
La macro de Widget Connector en Atlassian Confluence and Data Center en versiones anteriores a la 6.6.12 (la versión solucionada para 6.6.x), desde la versión 6.7.0 hasta antes de la 6.12.3 (la versión solucionada para 6.12.x), desde la versión 6.13.0 hasta antes de la 6.13.3 (la versión solucionada para 6.13.x) y desde la versión 6.14.0 hasta antes de la 6.14.2 (la versión solucionada para 6.14.x) permite a los atacantes remotos lograr saltos de directorio y ejecución remota de código en una instancia de Confluence Server or Data Center a través de una inyección de plantillas del lado del servidor.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 10.0 | 10.0 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 3.1 | Primary | cve.org | 9.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |