CVE-2019-3396

🗓️ 25 Mar 2019 18:37:06Reported by atlassianType

cve🔗 web.nvd.nist.gov📰️ 7 Media mentions👁 2114 Views🌐 WEB

Widget Connector macro path traversal and remote code execution in Atlassian Confluence Serve

Reporter	Title	Published	Views	Family All 65
Gitee	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	11 Apr 202111:34	–	gitee
Gitee	Exploit for Path Traversal in Atlassian Confluence_Server	27 Jul 202010:27	–	gitee
0day.today	Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit	18 Apr 201900:00	–	zdt
GithubExploit	Exploit for Path Traversal in Atlassian Confluence_Server	5 Feb 202116:31	–	githubexploit
GithubExploit	Exploit for Path Traversal in Atlassian Confluence_Server	10 Apr 201902:15	–	githubexploit
GithubExploit	Exploit for Path Traversal in Atlassian Confluence_Server	1 May 202102:10	–	githubexploit
GithubExploit	Exploit for Path Traversal in Atlassian Confluence_Server	16 Sep 202504:50	–	githubexploit
GithubExploit	Exploit for Expression Language Injection in Atlassian Confluence_Data_Center	7 Jun 202211:55	–	githubexploit
GithubExploit	Exploit for Path Traversal in Atlassian Confluence_Server	10 Apr 201902:22	–	githubexploit
GithubExploit	Exploit for Path Traversal in Atlassian Confluence_Server	1 Feb 202116:10	–	githubexploit

NVD

Node

atlassian confluence_serverRange<6.6.12

atlassian confluence_serverRange6.7.0–6.12.3

atlassian confluence_serverRange6.13.0–6.13.3

atlassian confluence_serverRange6.14.0–6.14.2

[
  {
    "product": "Confluence Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "6.6.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.7.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.12.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 6.13.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.13.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 6.14.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.14.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html
packetstormsecurity	www.packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html
rapid7	www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector
jira	www.jira.atlassian.com/browse/CONFSERVER-57974
exploit-db	www.exploit-db.com/exploits/46731/
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
_template	request body	rest/tinymce/1/macro/preview	Path traversal via _template parameter leading to local file access in macro preview	CWE-22
spaceUserKey	request body	rest/create-dialog/1.0/space-blueprint/create-personal-space	Authenticated step to create a personal space used in RCE chain	CWE-22
spaceKey	query param	rest/api/space	Obtain personal space ID using spaceKey to identify homepage and file storage paths	CWE-22

17 Jun 2026 02:35Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.8

CVSS 210

EPSS0.99913

SSVC