Atlassian: >> Confluence Server >> 1.1 Security Vulnerabilities
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
Known exploited
CVSS Score
9.8
EPSS Score
0.945
Published
2019-03-25
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-02-13
Page 3