What is the threat?
Multiple high severity vulnerabilities have been found in the Widget Connector Macro in Atlassian Confluence Server. The server had an http vulnerability which allowed attackers to access restricted directories and execute commands on systems that run a vulnerable version of Confluence Server or Data Center instance via server-side template injection.
Why is this noteworthy?
Widget Connector Macro is a part of Atlassian Confluence Server and Confluence Data Center that allows embedding online videos, slideshows, photo streams and other multimedia content from other websites directly into the confluence page. To exploit this vulnerability, no authentication is necessary. This can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.
What is the exposure or risk?
A remote attacker who has permission to add attachments to pages, or to create a new space or personal space, can exploit this path traversal vulnerability to write files to arbitrary locations. This can leave everyone who is running a vulnerable version of Confluence Server or Data Center, prone to remote code execution on their systems.
What can you do?
SKOUT recommends upgrading to a patched version of Confluence Server or Confluence Data Center.
Affected versions: All versions of Confluence Server and Confluence Data Center before version 6.6.12, from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x) and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x).
Links for Fixes:
- Confluence Server version 6.15.1 –https://www.atlassian.com/software/confluence/download
- Confluence Server version 6.14.2 –https://www.atlassian.com/software/confluence/download-archives
- Confluence Server version 6.13.3 –https://www.atlassian.com/software/confluence/download-archives
- Confluence Server version 6.12.3 –https://www.atlassian.com/software/confluence/download-archives
- Confluence Server version 6.6.12 –https://www.atlassian.com/software/confluence/download-archives
References:
For more in-depth information about the recommendations, please visit the following links:
- https://nvd.nist.gov/vuln/detail/CVE-2019-3396
- https://jira.atlassian.com/browse/CONFSERVER-57974
- https://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html
- https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html
If you have any questions, please contact our Secure Intelligence Center.
