There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance.
Affected versions:
Fix:
For additional details, see the full advisory: [https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2019-03-20]