CVE-2019-3396
CVE-2019-3396
In short
A flaw in Atlassian Confluence's Widget Connector macro allows attackers to manipulate file paths and execute harmful code on the server by injecting malicious templates. This affects multiple versions and can lead to complete system compromise.
Technical detail
The Widget Connector macro is vulnerable to server-side template injection (SSTI), enabling path traversal (CWE-22) and remote code execution. An unauthenticated remote attacker can exploit this by crafting malicious template input, affecting Confluence Server and Data Center deployments across multiple version branches.
Summary generated and translated by AI from the official description.
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Atlassian · Confluence Serverpublic PoCs found — 28
githubgithub.com/Yt1g3r/CVE-2019-3396_EXP★ 174githubgithub.com/jas502n/CVE-2019-3396★ 145githubgithub.com/pyn3rd/CVE-2019-3396★ 39githubgithub.com/x-f1v3/CVE-2019-3396★ 22githubgithub.com/0xNinjaCyclone/cve-2019-3396★ 3githubgithub.com/PetrusViet/cve-2019-3396★ 2githubgithub.com/Avento/CVE-2019-3396-Memshell-for-Behinder★ 2githubgithub.com/vntest11/confluence_CVE-2019-3396★ 0githubgithub.com/tanw923/test1★ 0githubgithub.com/skommando/CVE-2019-3396-confluence-poc★ 0githubgithub.com/JonathanZhou348/CVE-2019-3396TEST★ 0githubgithub.com/am6539/CVE-2019-3396★ 0githubgithub.com/W2Ning/CVE-2019-3396★ 0githubgithub.com/yuehanked/cve-2019-3396★ 0githubgithub.com/46o60/CVE-2019-3396_Confluence★ 0githubgithub.com/kh4sh3i/CVE-2019-3396★ 0githubgithub.com/tranphuc2005/CVE-2019-3396★ 0githubgithub.com/HK4zCzi/CVE-2019-3396-Velocity-Server-Side-Template-Injection★ 0githubgithub.com/tno01/cve-2019-3396★ 0githubgithub.com/dothanthitiendiettiende/CVE-2019-3396★ 0githubgithub.com/xiaoshuier/CVE-2019-3396★ 0githubgithub.com/s1xg0d/CVE-2019-3396★ 0githubgithub.com/quanpt103/CVE-2019-3396★ 0exploitdbwww.exploit-db.com/exploits/49465unverifiedcve_referencepacketstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46731/unverifiedexploitdbwww.exploit-db.com/exploits/46731unverifiedcve_referencepacketstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.htmlhttp://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.htmlhttps://jira.atlassian.com/browse/CONFSERVER-57974https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396https://www.exploit-db.com/exploits/46731/http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector