Intrusion Prevention

Confluence.downloadallattachments.Resource.Path.Traversal

Description

This indicates an attack attempt to exploit a Path Traversal vulnerability in Confluence Server and Data Center.
The vulnerability is due to insufficient sanitization of user-supplied input in the application when handling file attachment requests. A remote attacker may be able to exploit this to write files to arbitrary locations on the system, leading to possible remote code execution.

Affected Products

2.0.0, 6.7.0, 6.13.0, 6.14.0, 6.15.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's advisory for updates:
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-04-17-968660855.html

CVE References

CVE-2019-3398