6 matches found
Mail.ru: Path traversal lead to LFR via [CVE-2019-3394]
Path traversal lead to Local File Read via CVE-2019-3403 in confluence.plazius.ru...
Confluence Server Local File Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/x/uAsvOg . CVE ID: CVE-2019-3394. Product: Confluence Server. Affected Confluence Server product versions: 6.1.0 = 6.1.0 but less than 6.6.16 or who have downloaded and...
CVE-2019-3394
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under /confluence/WEB-INF directory, which may contain configuration...
CVE-2019-3394
CVE-2019-3394 affects Atlassian Confluence Server/Data Center: a local file disclosure in the page export feature allows an authenticated attacker with page-edit permission to read arbitrary files under the Confluence install directory (notably /confluence/WEB-INF). Impact could include leakage o...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and it's subdirectories, which may contain configuration files...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and it's subdirectories, which may contain configuration files...