Atlassian.Confluence.downloadallattachments.Path.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Path Traversal vulnerability in Confluence Server and Data Center.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling file attachments requests. A remote attacker may be able to exploit this to write files to arbitrary locations on the systems, leading to possible remote code execution.

affected-products-logoAffected Products

2.0.0 <= version < 6.6.13
6.7.0 <= version < 6.12.4
6.13.0 <= version < 6.13.4
6.14.0 <= version < 6.14.3
6.15.0 <= version < 6.15.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates:
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-04-17-968660855.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-03-12 27.747 Name:Confluence.
downloadallattachments.
Resource.
Path.
Traversal:Atlassian.
Confluence.
downloadallattachments.
Path.
Traversal
2021-03-10 18.033 Sig Added
2019-06-13 14.632 Default_action:pass:drop
2019-06-06 14.627 Severity:critical:high
2019-05-29 14.622