Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2019-3398

🗓️ 18 Apr 2019 17:21:37Reported by atlassianType 
cve
 cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 1075 Views🌐 WEB

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource, allowing remote code execution

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		Confluence Server / Data Center Path Traversal Vulnerability
24 Apr 201900:00
zdt
0day.today		Atlassian Confluence 6.15.1 - Directory Traversal Vulnerability
12 Nov 201900:00
zdt
0day.today		Atlassian Confluence 6.15.1 - Directory Traversal Exploit
12 Nov 201900:00
zdt
ATTACKERKB		CVE-2019-3398
18 Apr 201900:00
attackerkb
Atlassian		Confluence - Path traversal vulnerability - CVE-2019-3398
31 Mar 201921:40
atlassian
Atlassian		Confluence - Path traversal vulnerability - CVE-2019-3398
31 Mar 201921:40
atlassian
Circl		CVE-2019-3398
9 Dec 202007:18
circl
CISA KEV Catalog		Atlassian Confluence Server and Data Center Path Traversal Vulnerability
3 Nov 202100:00
cisa_kev
Tenable Nessus		Atlassian Confluence < 6.6.13 / 6.7.x < 6.12.4 / 6.13.x < 6.13.4 / 6.14.x < 6.14.3 / 6.15.x < 6.15.2 Directory Traversal Vulnerability
25 Apr 201900:00
nessus
Tenable Nessus		Atlassian Confluence 6.15.x < 6.15.2 Directory Traversal Vulnerability
17 Jul 201900:00
nessus
Rows per page
NVD
Node
atlassianconfluence_serverRange2.06.6.13
OR
atlassianconfluence_serverRange6.7.06.12.4
OR
atlassianconfluence_serverRange6.13.06.13.4
OR
atlassianconfluence_serverRange6.14.06.14.3
OR
atlassianconfluence_serverRange6.15.06.15.2
[
  {
    "product": "Confluence",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.6.13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.7.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.12.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.13.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.13.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.14.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.14.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.15.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.15.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
pageIdquery param/pages/downloadallattachments.actionPath traversal in download all attachments leading to arbitrary file writesCWE-22
filenamequery param/plugins/drag-and-drop/upload.actionArbitrary file write via path traversal during shellcode upload by crafting the filenameCWE-22
pageIdquery param/plugins/drag-and-drop/upload.actionArbitrary file write via path traversal during shellcode upload by crafting the filenameCWE-22
atl_tokenquery param/plugins/drag-and-drop/upload.actionArbitrary file write via path traversal during shellcode upload by crafting the filenameCWE-22
namequery param/plugins/drag-and-drop/upload.actionArbitrary file write via path traversal during shellcode upload by crafting the filenameCWE-22
sizequery param/plugins/drag-and-drop/upload.actionArbitrary file write via path traversal during shellcode upload by crafting the filenameCWE-22
mimeTypequery param/plugins/drag-and-drop/upload.actionArbitrary file write via path traversal during shellcode upload by crafting the filenameCWE-22

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Oct 2025 13:39Current
8.8High risk
Vulners AI Score8.8
CVSS 3.18.8
CVSS 29
EPSS0.93854
SSVC
CWE-22In Wild
cve-2019-3398confluenceserverdata centerpath traversalvulnerabilityremote code executionnvdsecurity fix
1075