CVE-2020-29445

Published: May 7, 2021Modified: Feb 12, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.

Affected (2)

Products: Atlassian: Confluence Server

Atlassian

1 product

Confluence Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Atlassian Confluence Server	Before 7.4.8
Atlassian Confluence Server	From 7.5.0 to 7.11.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://jira.atlassian.com/browse/CONFSERVER-61453

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-61453

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.