Confluence SSRF

Confluence SSRF and Remote Code Execution Vulnerability Handling Guide

April 22, 2019

1 Vulnerability Overview

Recently, Atlassian officially released a security bulletin, announcing a server-side request forgery (SSRF) vulnerability and a remote code execution vulnerability (CVE-2019-3396). The two vulnerabilities respectively reside in WebDAV and Widget Connector and could be exploited by an attacker for remote code execution and server-side request forgery. (more…)

Search

Subscribe to the NSFOCUS Blog