Arbitrary file read vulnerability in Atlassian Confluence Server - CVE-2020-29448 (linux)ID: oval:org.secpod.oval:def:74416 | Date: (C)2021-08-18 (M)2023-02-13 |
Class: VULNERABILITY | Family: unix |
The host is installed with Atlassian Confluence Server before 6.13.18, 6.14.x before 7.4.6 or 7.5.x before 7.8.3 and is prone to an arbitrary file read vulnerability. A flaw is present in the application which fails to properly handle the ConfluenceResourceDownloadRewriteRule class. Successful exploitation allows remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Product: |
Atlassian Confluence Server |