Blind server-side request forgery vulnerability in Atlassian Confluence Server - CVE-2020-29445 (linux)ID: oval:org.secpod.oval:def:74413 | Date: (C)2021-08-18 (M)2023-05-30 |
Class: VULNERABILITY | Family: unix |
The host is installed with Atlassian Confluence Server before 7.4.8 or 7.5.x before 7.11.0 and is prone to a blind server-side request forgery vulnerability. A flaw is present in the application which fails to properly handle team calendars parameters. Successful exploitation allows remote attackers to identify internal hosts and ports.
Product: |
Atlassian Confluence Server |