← voltar
CVE-2019-3396

CVE-2019-3396

CVSS 9.8 CRITICALEPSS 99.9%● KEVCWE-22
Em resumo

Uma falha no macro Widget Connector do Atlassian Confluence permite que atacantes manipulem caminhos de arquivos e executem código malicioso no servidor injetando templates perigosos. Afeta múltiplas versões e pode comprometer todo o sistema.

Detalhe técnico

O macro Widget Connector é vulnerável a injeção de template no lado do servidor (SSTI), permitindo travessia de diretórios (CWE-22) e execução remota de código. Um atacante remoto não autenticado pode explorar isso através de entrada de template malformada, afetando implementações do Confluence Server e Data Center em vários ramos de versão.

Resumo gerado e traduzido por IA a partir da descrição oficial.
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Atlassian · Confluence Server
PoCs públicas encontradas28
githubgithub.com/Yt1g3r/CVE-2019-3396_EXP174githubgithub.com/jas502n/CVE-2019-3396145githubgithub.com/pyn3rd/CVE-2019-339639githubgithub.com/x-f1v3/CVE-2019-339622githubgithub.com/0xNinjaCyclone/cve-2019-33963githubgithub.com/PetrusViet/cve-2019-33962githubgithub.com/Avento/CVE-2019-3396-Memshell-for-Behinder2githubgithub.com/vntest11/confluence_CVE-2019-33960githubgithub.com/tanw923/test10githubgithub.com/skommando/CVE-2019-3396-confluence-poc0githubgithub.com/JonathanZhou348/CVE-2019-3396TEST0githubgithub.com/am6539/CVE-2019-33960githubgithub.com/W2Ning/CVE-2019-33960githubgithub.com/yuehanked/cve-2019-33960githubgithub.com/46o60/CVE-2019-3396_Confluence0githubgithub.com/kh4sh3i/CVE-2019-33960githubgithub.com/tranphuc2005/CVE-2019-33960githubgithub.com/HK4zCzi/CVE-2019-3396-Velocity-Server-Side-Template-Injection0githubgithub.com/tno01/cve-2019-33960githubgithub.com/dothanthitiendiettiende/CVE-2019-33960githubgithub.com/xiaoshuier/CVE-2019-33960githubgithub.com/s1xg0d/CVE-2019-33960githubgithub.com/quanpt103/CVE-2019-33960exploitdbwww.exploit-db.com/exploits/49465não verificadocve_referencepacketstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.htmlnão verificadocve_referencewww.exploit-db.com/exploits/46731/não verificadoexploitdbwww.exploit-db.com/exploits/46731não verificadocve_referencepacketstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.htmlhttp://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.htmlhttps://jira.atlassian.com/browse/CONFSERVER-57974https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396https://www.exploit-db.com/exploits/46731/http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector