CVE-2020-29448

Published: Feb 22, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected (6)

Products: Atlassian: Confluence Data Center, Confluence Server

Atlassian

2 products

Confluence Data Center

Confluence Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Atlassian Confluence Data Center	Before 6.13.18
Atlassian Confluence Data Center	From 6.14.0 to 7.4.6
Atlassian Confluence Data Center	From 7.5.0 to 7.8.3
Atlassian Confluence Server	Before 6.13.18
Atlassian Confluence Server	From 6.14.0 to 7.4.6
Atlassian Confluence Server	From 7.5.0 to 7.8.3

References (2)

https://jira.atlassian.com/browse/CONFSERVER-60469

Source: security@atlassian.com

Issue TrackingPatchVendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-60469

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.