PT-2021-11666 · Atlassian · Confluence
Stefano Castilletti · Published 2021-05-07 · Updated 2025-02-12 · CVE-2020-29445
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Confluence Server versions prior to 7.4.8
Confluence Server versions 7.5.0 through 7.10.9
Description:
The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.
Recommendations:
For Confluence Server versions prior to 7.4.8, update to version 7.4.8 or later.
For Confluence Server versions 7.5.0 through 7.10.9, update to version 7.11.0 or later.
Fix
SSRF
Affected Products
Confluence