Lucene search
AtlassianCVELIST:CVE-2020-29448HistoryFeb 18, 2021 - 3:08 p.m.
CVE-2020-29448
2021-02-1815:08:59
atlassian
www.cve.org
5
confluence
remote attackers
arbitrary files
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
CNA Affected
[
{
"product": "Confluence Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "6.13.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.14.0",
"versionType": "custom"
},
{
"lessThan": "7.4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
},
{
"lessThan": "7.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Confluence Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "6.13.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.14.0",
"versionType": "custom"
},
{
"lessThan": "7.4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
},
{
"lessThan": "7.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nessus
nessus
nvd
nvd
CVE-2020-29448
2021-02-22 21:15:19
prion
prion
Path traversal
2021-02-22 21:15:00
cve
cve
CVE-2020-29448
2021-02-22 21:15:19
atlassian
atlassian
Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240
2021-02-16 18:29:42
Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240
2021-02-16 18:29:42
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
2021-07-21 00:18:45