Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2019-3394
HistoryAug 29, 2019 - 3:15 p.m.

Arbitrary file deletion

2019-08-2915:15:00
PRIOn knowledge base
www.prio-n.com
4

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.189 Low

EPSS

Percentile

96.1%

JSON

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.

Related

packetstorm 1
checkpoint_advisories 1
nessus 1
atlassian 2
cve 1
hackerone 1
githubexploit 1
packetstorm
packetstorm
Confluence Server Local File Disclosure
2019-08-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Atlassian Confluence Server Information Disclosure (CVE-2019-3394)
2020-02-23 00:00:00
nessus
nessus
Atlassian Confluence 6.1.x < 6.6.16 / 6.7.x < 6.13.7 / 6.14.x < 6.15.8 Local File Disclosure Vulnerability
2019-09-06 00:00:00
atlassian
atlassian
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
2019-08-19 20:17:30
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
2019-08-19 20:17:30
cve
cve
CVE-2019-3394
2019-08-29 15:15:00
hackerone
hackerone
Mail.ru: Path traversal lead to LFR via [CVE-2019-3394]
2020-09-12 21:50:28
githubexploit
githubexploit
Exploit for Path Traversal in Atlassian Confluence Server
2019-08-30 07:44:17

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.189 Low

EPSS

Percentile

96.1%

JSON
Related for PRION:CVE-2019-3394
packetstorm1checkpoint_advisories1nessus1atlassian2cve1hackerone1githubexploit1