What is CVE-2019-3394?

CVE-2019-3394 is a vulnerability in Atlassian Confluence Server. Published 2019-08-29.

Is CVE-2019-3394 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Confluence Server

CVE-2019-3394

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <ins…

EPSS: 0.758 (98.9th percentile) — read the EPSS interpretation.

Affected products

Atlassian Confluence Server — versions 6.1.0, unspecified, 6.7.0

Public proof-of-concept exploits

jas502n/CVE-2019-3394
0xT11/CVE-POC
ARPSyndicate/cvemon
Awrrays/FrameVul
SexyBeast233/SecBooks
TrojanAZhen/Self_
brunsu/woodswiki
cc8700619/poc
developer3000S/PoC-in-GitHub
goddemondemongod/Sec-Interview

References

jira.atlassian.com/browse/CONFSERVER-58734 (x_refsource_MISC)
confluence.atlassian.com/x/uAsvOg (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-3394?: CVE-2019-3394 is a vulnerability in Atlassian Confluence Server. Published 2019-08-29.
Is CVE-2019-3394 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.