What is CVE-2019-3398?

CVE-2019-3398 is a vulnerability in Atlassian Confluence. Published 2019-04-18.

Is CVE-2019-3398 known to be exploited?

Yes. CVE-2019-3398 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 18 public proof-of-concept repositories are indexed.

Vulnerability in Atlassian Confluence

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or wh…

EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.

Affected products

Atlassian Confluence — versions 2.0.0, unspecified, 6.7.0

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2021-11-03. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2022-05-03.

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

jira.atlassian.com/browse/CONFSERVER-58102 (x_refsource_MISC)
20190424 Confluence Security Advisory - 2019-04-17 (mailing-list, x_refsource_BUGTRAQ)
packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Travers… (x_refsource_MISC)
108067 (vdb-entry, x_refsource_BID)
packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Trav… (x_refsource_MISC)
packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Trav… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-3398?: CVE-2019-3398 is a vulnerability in Atlassian Confluence. Published 2019-04-18.
Is CVE-2019-3398 known to be exploited?: Yes. CVE-2019-3398 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 18 public proof-of-concept repositories are indexed.