14 matches found
Atlassian Confluence < 7.11.0 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.11.0. It is, therefore, affected by the following vulnerabilities: - A blind Server-Side Request Forgery (SSRF) vulnerability in Team Calendars parameters. (CVE-2020-29445) - A...
Atlassian Confluence Server Server-Side Request Forgery Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise wikis. A server-side request forgery vulnerability exists in Confluence Server versions prior to 7.11.0,...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
Server-side request forgery (SSRF)
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2020-29445
CVE-2020-29445 describes a blind SSRF in Atlassian Confluence Server’s Team Calendars parameters. Affected are Confluence Server versions before 7.4.8 and 7.5.0 through 7.10.9 (pre-7.11.0). Root cause is a server-side request forgery in the Team Calendars functionality, enabling an attacker to id...
Atlassian Confluence Server Code Issue Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise wikis. A server-side request forgery vulnerability exists in Confluence Server versions prior to 7.11.0,...
PT-2021-11666 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.4.8; Confluence Server versions 7.5.0 through 7.10.9. Description: The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars...
Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445
Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...
Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445
Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...
SSRF Team Calendars
The following endpoint has an SSRF that can be used to enumerate internal network resources that are not publicly exposed to the internet: PUT /wiki/rest/calendar-services/1.0/calendar/subcalendars.json. PoC: Using the "Team Calendar" macro, select the "Subscribe by URL" option...
Cross-Site Scripting in subscribetocalendar.action
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report (http://jira.atlassian.com/browse/CONFSERVER-48910). The contents of the 'subCalendarId' parameter are not validated in POST requests to 'subscribetocalendar.action' an...
Cross-Site Scripting in subscribetocalendar.action
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-48910). The contents of the 'subCalendarId' parameter are not validated in POST requests to 'subscribetocalendar.action' and...