PT-2019-2814 · Atlassian · Confluence

Daniil Dmitriev · Published 2019-02-28 · Updated 2025-10-24 · CVE-2019-3396

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Atlassian Confluence Server versions 6.6.0 through 6.6.11
Atlassian Confluence Server versions 6.7.0 through 6.12.2
Atlassian Confluence Server versions 6.13.0 through 6.13.2
Atlassian Confluence Server versions 6.14.0 through 6.14.1

Description

The issue allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. The root cause is an incorrect restriction of a directory path name to a restricted directory. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations

For versions 6.6.0 through 6.6.11, update to version 6.6.12 or later.
For versions 6.7.0 through 6.12.2, update to version 6.12.3 or later.
For versions 6.13.0 through 6.13.2, update to version 6.13.3 or later.
For versions 6.14.0 through 6.14.1, update to version 6.14.2 or later.
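As an added example (not part of the advisory or of Atlassian's code), a small check that encodes the affected ranges and minimum fix versions listed above, so an inventory of Confluence Server versions can be triaged offline. It assumes Confluence's dotted numeric version format; a pre-release suffix such as "-beta1" is treated as the base version.

```python
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected branches exactly as stated in the advisory:
# (inclusive lower bound, inclusive upper bound, minimum fixed version).
AFFECTED_RANGES = [
    ((6, 6, 0), (6, 6, 11), (6, 6, 12)),
    ((6, 7, 0), (6, 12, 2), (6, 12, 3)),
    ((6, 13, 0), (6, 13, 2), (6, 13, 3)),
    ((6, 14, 0), (6, 14, 1), (6, 14, 2)),
]


def parse_version(text: str) -> Version:
    """Turn a version string such as '6.12.2' into a comparable 3-tuple.

    Only the leading dotted numeric components are used (a suffix after '-'
    is ignored); missing trailing components are padded with 0, so '6.13'
    compares as 6.13.0.
    """
    head = text.strip().split("-", 1)[0]
    parts = head.split(".")
    if not parts or not all(p.isdigit() for p in parts) or len(parts) > 3:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def minimum_fix_for(version_text: str) -> Optional[str]:
    """Return the minimum fixed version to update to if the given version
    falls inside an affected range, or None if it is outside every range."""
    version = parse_version(version_text)
    for low, high, fix in AFFECTED_RANGES:
        if low <= version <= high:
            return ".".join(str(n) for n in fix)
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("wiki-a", "6.12.2"), ("wiki-b", "6.13"), ("wiki-c", "6.14.2")]:
        fix = minimum_fix_for(ver)
        print(f"{host}: {ver} -> {'update to ' + fix if fix else 'not in an affected range'}")
```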

Exploit · Fix · RCE · Path traversal


Weakness Enumeration

Related Identifiers

BDU:2019-02771
CVE-2019-3396

Affected Products

Confluence