Known Exploited Vulnerabilities CVE-2019-3398 Mappings

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.

Mappings

Loading, please wait
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
Notes
CVE-2019-3398 Atlassian Confluence Server and Data Center Path Traversal Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2019-3398 is a path traversal vulnerability in Atlassian Confluence Server and Data Center that allows an authenticated attacker to write files to arbitrary locations, potentially leading to remote code execution
References
CVE-2019-3398 Atlassian Confluence Server and Data Center Path Traversal Vulnerability exploitation_technique T1202 Indirect Command Execution
Comments
CVE-2019-3398 is a path traversal vulnerability in Atlassian Confluence Server and Data Center that allows an authenticated attacker to write files to arbitrary locations, potentially leading to remote code execution
References
Showing 1 to 2 of 2 rows