Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianSecurity-metrics-botATLASSIAN:CONFSERVER-60469
HistoryNov 10, 2020 - 12:03 a.m.

Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

2020-11-1000:03:08
security-metrics-bot
jira.atlassian.com
300

0.96 High

EPSS

Percentile

99.5%

JSON

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

h3. Affected versions:

  • version < 6.13.18
  • 6.14.0 ≀ version < 7.4.6
  • 7.5.0 ≀ version < 7.8.3

h4. Fixed versions:

  • 6.13.18
  • 7.4.6
  • 7.8.3
  • 7.9.0

This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.

Related

atlassian 7
checkpoint_advisories 1
hackerone 1
cvelist 4
openvas 1
prion 4
cve 4
nvd 4
nessus 4
githubexploit 3
nuclei 2
zdt 2
cnvd 1
packetstorm 2
seebug 1
cisa_kev 1
attackerkb 1
dsquare 1
exploitdb 2
atlassian
atlassian
Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448
2020-11-10 00:03:08
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
2021-07-21 00:18:45
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
2021-07-21 00:18:45
checkpoint_advisories
checkpoint_advisories
Atlassian Confluence Server Arbitrary File Read (CVE-2021-26085; CVE-2021-26086)
2022-02-06 00:00:00
hackerone
hackerone
MariaDB: Path Traversal CVE-2021-26086 CVE-2021-26085
2021-10-13 12:36:15
cvelist
cvelist
CVE-2020-36240
2021-02-28 00:00:00
CVE-2020-29448
2020-11-10 00:00:00
CVE-2021-26086
2021-08-12 00:00:00
openvas
openvas
'/;/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-10-06 00:00:00
prion
prion
Design/Logic Flaw
2021-03-01 17:15:00
Path traversal
2021-02-22 21:15:00
Arbitrary file deletion
2021-08-03 00:15:00
cve
cve
CVE-2020-36240
2021-03-01 17:15:12
CVE-2020-29448
2021-02-22 21:15:19
CVE-2021-26086
2021-08-16 01:15:06
nvd
nvd
CVE-2020-36240
2021-03-01 17:15:12
CVE-2020-29448
2021-02-22 21:15:19
CVE-2021-26086
2021-08-16 01:15:06
nessus
nessus
Atlassian Confluence < 6.13.18 / 6.14 < 7.4.6 / 7.5 < 7.8.3 Arbitrary File Read (CONFSERVER-60469)
2021-02-26 00:00:00
Jira Server/Data Center Limited Remote File Read (CVE-2021-26086)
2023-12-19 00:00:00
Atlassian Jira < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 / 8.17.0 (JRASERVER-72695)
2022-07-06 00:00:00
githubexploit
githubexploit
Exploit for Missing Authorization in Atlassian Confluence
2021-10-06 20:03:22
Exploit for Path Traversal in Atlassian Jira Data Center
2021-10-05 14:09:52
Exploit for Missing Authorization in Atlassian Confluence
2021-10-05 08:20:25
nuclei
nuclei
Atlassian Confluence Server - Local File Inclusion
2021-12-20 09:50:14
Atlassian Jira Limited - Local File Inclusion
2021-08-26 03:45:56
zdt
zdt
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability
2021-10-05 00:00:00
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Vulnerability
2021-10-05 00:00:00
cnvd
cnvd
Atlassian System dashboard-Jira is vulnerable to unauthorized access
2022-06-15 00:00:00
packetstorm
packetstorm
Atlassian Jira Server/Data Center 8.4.0 File Read
2021-10-05 00:00:00
Atlassian Confluence Server 7.5.1 Arbitrary File Read
2021-10-05 00:00:00
seebug
seebug
Atlassian Jira ζ–‡δ»Άθ―»ε–ζΌζ΄žοΌˆCVE-2021-26086οΌ‰
2021-08-20 00:00:00
cisa_kev
cisa_kev
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
2022-03-28 00:00:00
attackerkb
attackerkb
CVE-2021-26085
2021-07-29 00:00:00
dsquare
dsquare
Confluence < 7.12.3 File Disclosure
2021-09-07 00:00:00
exploitdb
exploitdb
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
2021-10-06 00:00:00
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
2021-10-05 00:00:00

0.96 High

EPSS

Percentile

99.5%

JSON
Related for ATLASSIAN:CONFSERVER-60469
atlassian7checkpoint_advisories1hackerone1cvelist4openvas1prion4cve4nvd4nessus4githubexploit3nuclei2zdt2cnvd1packetstorm2seebug1cisa_kev1attackerkb1dsquare1exploitdb2