PT-2019-13931 · Atlassian · Confluence Previews Plugin

Published

2019-12-19

·

Updated

2021-12-13

·

CVE-2019-15006

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Confluence Server (affected versions not specified)
Confluence Data Center (affected versions not specified)

Description

A man-in-the-middle (MITM) issue was found in the Confluence Previews plugin, which is used for communication with the Atlassian Companion application. The plugin connects to the atlassian-domain-for-localhost-connections-only.com domain, and a certificate signed for this domain was previously distributed with the Companion application. That certificate has since been revoked. An attacker who controls DNS resolution for a victim could perform a MITM attack between Confluence Server or Confluence Data Center and the atlassian-domain-for-localhost-connections-only.com domain. By blocking access to certificate revocation information, so that the revoked certificate is still accepted, the attacker could observe and modify files being edited with the Companion application and access limited user information.

Recommendations

For both Confluence Server and Confluence Data Center, remove or disable the usage of the atlassian-domain-for-localhost-connections-only.com domain name to prevent MITM attacks. As a temporary workaround, consider restricting access to the Confluence Previews plugin until the issue is fully resolved.
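Added example, not part of the original advisory and not Atlassian's own code: a defender-side check that the localhost-only domain named above really resolves to loopback addresses, since a non-loopback answer is the DNS precondition the attack relies on. The `resolver` callable and the sample answers are constructed for illustration; on a real host the default OS resolver is used.

```python
"""Verify that a 'localhost-only' domain resolves only to loopback addresses."""
import ipaddress
import socket
from typing import Callable, Iterable, List

# Domain the Confluence Previews plugin uses for Companion communication (from the advisory).
LOCALHOST_ONLY_DOMAIN = "atlassian-domain-for-localhost-connections-only.com"


def system_resolver(hostname: str) -> List[str]:
    """Resolve a hostname with the OS resolver and return its A/AAAA answers as strings."""
    infos = socket.getaddrinfo(hostname, None)
    return sorted({info[4][0] for info in infos})


def non_loopback_answers(addresses: Iterable[str]) -> List[str]:
    """Return every answer that is not a loopback address (127.0.0.0/8 or ::1)."""
    bad = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id if present
        except ValueError:
            bad.append(addr)  # unparsable answer: treat as suspicious rather than ignore it
            continue
        if not ip.is_loopback:
            bad.append(addr)
    return bad


def check_localhost_only_resolution(hostname: str = LOCALHOST_ONLY_DOMAIN,
                                    resolver: Callable[[str], List[str]] = system_resolver) -> dict:
    """Resolve `hostname` and report whether every answer points at the local machine.

    A non-empty 'unexpected' list (or no answers at all) means connections to this name
    may be terminated by something other than the local Companion application.
    """
    try:
        answers = resolver(hostname)
    except socket.gaierror as exc:
        return {"hostname": hostname, "ok": False, "answers": [], "unexpected": [], "error": str(exc)}
    unexpected = non_loopback_answers(answers)
    return {"hostname": hostname, "ok": bool(answers) and not unexpected,
            "answers": answers, "unexpected": unexpected, "error": None}


if __name__ == "__main__":
    # Constructed sample answers so both outcomes can be shown offline.
    for sample in (["127.0.0.1", "::1"], ["127.0.0.1", "203.0.113.10"]):
        print(check_localhost_only_resolution(resolver=lambda _h, s=sample: s))
```

Run it without arguments on a Confluence host to use the real resolver; any entry in `unexpected` is worth investigating as a possible DNS redirection of the plugin's traffic.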

Fix


Weakness Enumeration

Related identifiers

CVE-2019-15006

Affected products

Z Companion
Confluence
Confluence Previews Plugin