The Widget Connector macro in Atlassian Confluence Server before version 6.6.12, 6.7.0 < 6.12.3, 6.13.0 < 6.13.3 and 6.14.0 < 6.14.2 allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
This vulnerability has been verified using a remote check and should be remediated immediately.
No source data