Atlassian Confluence Path Traversal

Sooraj V Nair
Published on 01 Oct 2021

In Atlassian Confluence Server, the Widget Connector macro before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x) allows remote attackers to achieve path traversal and remote code execution on the "download all attachments" resource of a Confluence Server or Data Center instance via server-side template injection. A remote attacker who has permission to add attachments to pages and/or blogs, to create a new space or a personal space, or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations, which can lead to remote code execution on systems running a vulnerable version of Confluence Server or Data Center.

Mitigation / Precaution

We suggest upgrading to the fixed version for your release branch, or to the latest version.
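As an added example (not part of the original advisory), the following Python checks an inventory of Confluence version strings against the affected ranges stated above and reports the fixed version each affected install must move to. The host names and versions in the sample inventory are constructed, and treating every version older than 6.6.12 as affected is an assumption drawn from the "before 6.6.12" wording.

```python
import re

# Affected ranges as stated in the advisory: (first affected, fixed version),
# with the fixed version excluded. The first range covers everything
# "before 6.6.12"; the advisory gives no lower bound, so older branches are
# treated as affected (assumption).
AFFECTED_RANGES = (
    ((0, 0, 0), (6, 6, 12)),
    ((6, 7, 0), (6, 12, 3)),
    ((6, 13, 0), (6, 13, 3)),
    ((6, 14, 0), (6, 14, 2)),
)


def parse_version(text):
    """Parse 'major.minor[.patch]' into a comparable tuple; trailing suffixes are ignored."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def fixed_version_for(text):
    """Return the fixed version on the install's branch if it is affected, else None."""
    v = parse_version(text)
    for first_affected, fixed in AFFECTED_RANGES:
        if first_affected <= v < fixed:
            return ".".join(str(n) for n in fixed)
    return None


def is_affected(text):
    return fixed_version_for(text) is not None


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "wiki-prod": "6.13.1",
    "wiki-staging": "6.14.2",
    "wiki-legacy": "6.6.9",
    "wiki-new": "7.0.1",
}


def triage(inventory):
    """Map each affected host to the version it must be upgraded to."""
    return {host: fixed_version_for(ver) for host, ver in inventory.items()
            if is_affected(ver)}


if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to {target} or later")
```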


Written by Sooraj V Nair, Cyber Security Engineer