Known Exploited Vulnerabilities CVE-2019-3396 Mappings

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| CVE-2019-3396 | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | secondary_impact | T1202 | Indirect Command Execution |
| CVE-2019-3396 | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | primary_impact | T1090 | Proxy |
| CVE-2019-3396 | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | exploitation_technique | T1133 | External Remote Services |

Notes (the same comment is given for all three mappings): CVE-2019-3396 is a critical server-side template injection vulnerability in Atlassian Confluence Server and Data Center that could lead to remote code execution.