1. Home
  2. Mapping Frameworks
  3. CVE Home
  4. Confluence Server

CVE CVE-2019-3396 Mappings

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2019-3396 Confluence Server uncategorized T1203 Exploitation for Client Execution
CVE-2019-3396 Confluence Server uncategorized T1190 Exploit Public-Facing Application
CVE-2019-3396 Confluence Server uncategorized T1083 File and Directory Discovery